3 matches found
Cross-site Request Forgery (CSRF)
Overview NopCommerce.Core is an open-source e-commerce shopping cart solution. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the "Run now" button of the "Schedule Tasks" functionality. An attacker can run a scheduled task without the victim users consent ...
Race Condition
Overview NopCommerce.Nop.Core is an A set of core classes for nopCommerce, such as caching, events, helpers, and business objects for example, Order and Customer entities. Affected versions of this package are vulnerable to Race Condition due to the lack of locking mechanisms during order...
Race Condition
Overview NopCommerce.Core is an open-source e-commerce shopping cart solution. Affected versions of this package are vulnerable to Race Condition due to the lack of locking mechanisms during order placement. An attacker can exploit this issue to redeem gift cards multiple times by initiating...