4 matches found
CVE-2022-26954
Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the 1 ChangePassword function, 2 SignInCustomerAsync function, 3...
CVE-2022-26954
creationtimestamp| type| source ---|---|--- 2022-10-20 14:21:16+00:00| seen| https://t.me/cibsecurity/51865 2025-05-08 18:24:19+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15576...
CVE-2022-26954
CVE-2022-26954 affects nopCommerce 4.10–4.50.1 and describes open redirect vulnerabilities that allow remote attackers to phishing-users to attacker-controlled sites through the returnUrl parameter. The returnUrl is processed by the ChangePassword function, SignInCustomerAsync function, Successfu...
CVE-2022-26954
Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the 1 ChangePassword function, 2 SignInCustomerAsync function, 3...