5 matches found
CVE-2019-19682
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/id Admin/Blog/BlogPostEdit/id. NOTE: the...
CVE-2020-19682
creationtimestamp| type| source ---|---|--- 2021-12-09 20:24:03+00:00| seen| https://t.me/cibsecurity/33719...
CVE-2020-19682
CVE-2020-19682 is a CSRF vulnerability in ZZZCMS V1.7.1, exposed via the save_user function in save.php. Multiple sources (NVD, Red Hat, CVE lists, CNNVD) describe the issue as CSRF due to a lack of token validation in the save_user path. CVSS metrics indicate a high-severity impact (CVSS 3.1: Ne...
CVE-2019-19682
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/id Admin/Blog/BlogPostEdit/id. NOTE: the...
CVE-2019-19682
nopCommerce