Lucene search

GoogleOSV:CVE-2022-26954

HistoryOct 20, 2022 - 11:15 a.m.

CVE-2022-26954

2022-10-2011:15:10

Google

osv.dev

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.0%

JSON

Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) SignInCustomerAsync function, (3) SuccessfulAuthentication method, or (4) NopRedirectResultExecutor class.

CPENameOperatorVersion
nopcommerceeqrelease-4.30-release-candicate
nopcommerceeqrelease-4.50.1
nopcommerceeqrelease-4.40-beta
nopcommerceeqrelease-4.50.0-beta
nopcommerceeqrelease-4.40.4
nopcommerceeqrelease-4.10
nopcommerceeqrelease-4.20-beta
nopcommerceeqrelease-4.20
nopcommerceeqrelease-4.30
nopcommerceeqrelease-4.30-beta

Name	Operator	Version
nopcommerce	eq	release-4.30-release-candicate
nopcommerce	eq	release-4.50.1
nopcommerce	eq	release-4.40-beta
nopcommerce	eq	release-4.50.0-beta
nopcommerce	eq	release-4.40.4
nopcommerce	eq	release-4.10
nopcommerce	eq	release-4.20-beta
nopcommerce	eq	release-4.20
nopcommerce	eq	release-4.30
nopcommerce	eq	release-4.30-beta

Rows per page:

1-10 of 151

References

gist.github.com/adeadfed/baea45138b7eb29e09f6505d56b56413

github.com/nopSolutions/nopCommerce/releases

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.0%

JSON

Related for OSV:CVE-2022-26954