Filtered by vendor Nopcommerce
Total: 8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27461 | 1 Nopcommerce | 1 Nopcommerce | 2022-05-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link. | |||||
| CVE-2022-28448 | 1 Nopcommerce | 1 Nopcommerce | 2022-05-04 | 3.5 LOW | 5.4 MEDIUM |
| nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject JavaScript code into the First name or Last name field at Customer Info. | |||||
| CVE-2022-28449 | 1 Nopcommerce | 1 Nopcommerce | 2022-05-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). In the Apply for vendor account feature, an attacker can upload an arbitrary file to the system. | |||||
| CVE-2022-28450 | 1 Nopcommerce | 1 Nopcommerce | 2022-05-04 | 3.5 LOW | 5.4 MEDIUM |
| nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code in the client's browser. | |||||
| CVE-2021-26916 | 1 Nopcommerce | 1 Nopcommerce | 2021-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter. | |||||
| CVE-2020-29475 | 1 Nopcommerce | 1 Store | 2020-12-30 | 3.5 LOW | 4.8 MEDIUM |
| nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability can allow an attacker to inject an XSS payload into Schedule tasks; each time any user goes to that page of the website, the XSS triggers and the attacker is able to steal the cookie, according to the crafted payload. | |||||
| CVE-2019-19682 | 1 Nopcommerce | 1 Nopcommerce | 2019-12-10 | 3.5 LOW | 4.8 MEDIUM |
| nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the vendor reportedly considers this a "feature" because the affected components are an HTML content editor. | |||||
| CVE-2019-11519 | 1 Nopcommerce | 1 Nopcommerce | 2019-05-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the "Configurations -> Languages -> Edit Language -> Import Resources -> Upload XML file" screen. | |||||
