CVE-2026-39428

Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.6.0

Description A Stored Cross-Site Scripting (XSS) issue exists where an attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These payloads are stored in the database and executed when a user, such as a customer or another administrator, views the affected product pages, potentially leading to session hijacking or unauthorized actions.

Recommendations Update to version 6.6.0.