2 matches found
CVE-2022-28448
creationtimestamp| type| source ---|---|--- 2022-04-27 00:37:30+00:00| seen| https://t.me/cibsecurity/41464...
CVE-2022-28448
nopCommerce 4.50.1 is vulnerable to Cross-Site Scripting (XSS): an attacker with a customer role can inject JavaScript through the First name or Last name fields in Customer Info. The root cause is reflected input without HTML encoding. Several sources (CVE-2022-28448 listings) describe this vuln...