219 matches found
CVE-2022-33077
An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint...
CVE-2019-11519
Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the "Configurations - Languages - Edit Language - Import Resources - Upload XML file" screen...
CVE-2022-27461
In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link...
CVE-2025-65591
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Currencies functionality...
CVE-2025-65593
nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery CSRF via the Schedule Tasks functionality...
CVE-2025-65589
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Attributes functionality...
CVE-2025-65590
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...
CVE-2025-65592
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages...
EUVD-2025-203838
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...
EUVD-2025-203832
nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery CSRF via the Schedule Tasks functionality...
EUVD-2025-203836
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Currencies functionality...
EUVD-2025-203833
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages...
Cross-site Request Forgery (CSRF)
Overview NopCommerce.Nop.Core is an A set of core classes for nopCommerce, such as caching, events, helpers, and business objects for example, Order and Customer entities. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the "Run now" button of the "Schedule...
Cross-site Request Forgery (CSRF)
Overview NopCommerce.Core is an open-source e-commerce shopping cart solution. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the "Run now" button of the "Schedule Tasks" functionality. An attacker can run a scheduled task without the victim users consent ...
CVE-2025-65593
nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery CSRF via the Schedule Tasks functionality...
CVE-2025-65593
nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery CSRF via the Schedule Tasks functionality...
CVE-2025-65591
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Currencies functionality...
CVE-2025-65590
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...
CVE-2025-65592
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages...
CVE-2025-65592
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages...