3 matches found
CVE-2022-28449
creationtimestamp| type| source ---|---|--- 2022-04-27 00:37:31+00:00| seen| https://t.me/cibsecurity/41465...
CVE-2022-28449
CVE-2022-28449 concerns nopCommerce 4.50.1, where the vendor-account application flow allows uploading an arbitrary file. Multiple sources describe an unrestricted file-upload issue in this product version (notably via the user-facing Apply for Vendor Account path and related UploadAvatar logic i...
CVE-2022-28449
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS. At Apply for vendor account feature, an attacker can upload an arbitrary file to the system...