Lucene search
K

219 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:53 a.m.7 views

CVE-2022-33077

An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint...

7.5CVSS6.8AI score0.00647EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:11 a.m.8 views

CVE-2019-11519

Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the "Configurations - Languages - Edit Language - Import Resources - Upload XML file" screen...

4.9CVSS7AI score0.01214EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:48 a.m.9 views

CVE-2022-27461

In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link...

6.1CVSS6.7AI score0.00678EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.4 views

CVE-2025-65591

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Currencies functionality...

5.4CVSS6.3AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.4 views

CVE-2025-65589

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Attributes functionality...

6.1CVSS6.3AI score0.00337EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.4 views

CVE-2025-65593

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery CSRF via the Schedule Tasks functionality...

8.8CVSS6.9AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.6 views

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...

5.4CVSS6.3AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.4 views

CVE-2025-65592

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages...

6.1CVSS6AI score0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 9:30 p.m.5 views

EUVD-2025-203833

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages...

5.5AI score0.00218EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/16 9:30 p.m.4 views

EUVD-2025-203832

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery CSRF via the Schedule Tasks functionality...

6.4AI score0.00274EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/16 9:30 p.m.4 views

EUVD-2025-203836

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Currencies functionality...

5.4CVSS5.7AI score0.00199EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/16 9:30 p.m.7 views

EUVD-2025-203838

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...

5.4CVSS5.7AI score0.00193EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/16 7:43 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview NopCommerce.Core is an open-source e-commerce shopping cart solution. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the "Run now" button of the "Schedule Tasks" functionality. An attacker can run a scheduled task without the victim users consent ...

8.8CVSS6.9AI score0.00274EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/16 7:43 p.m.4 views

Cross-site Request Forgery (CSRF)

Overview NopCommerce.Nop.Core is an A set of core classes for nopCommerce, such as caching, events, helpers, and business objects for example, Order and Customer entities. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the "Run now" button of the "Schedule...

8.8CVSS6.9AI score0.00274EPSS
Exploits0References2
NVD
NVD
added 2025/12/16 7:15 p.m.6 views

CVE-2025-65593

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery CSRF via the Schedule Tasks functionality...

8.8CVSS0.00274EPSS
Exploits0References3
NVD
NVD
added 2025/12/16 7:15 p.m.4 views

CVE-2025-65591

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Currencies functionality...

5.4CVSS0.00199EPSS
Exploits0References3
NVD
NVD
added 2025/12/16 7:15 p.m.4 views

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...

5.4CVSS0.00193EPSS
Exploits0References3
NVD
NVD
added 2025/12/16 7:15 p.m.4 views

CVE-2025-65592

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages...

6.1CVSS0.00218EPSS
Exploits0References3
NVD
NVD
added 2025/12/16 6:16 p.m.5 views

CVE-2025-65589

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Attributes functionality...

6.1CVSS0.00337EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.4 views

PT-2025-51771

Name of the Vulnerable Software and Affected Versions nopCommerce version 4.90.0 Description The software contains a Cross Site Scripting XSS issue within the product management functionality. Malicious payloads entered into the "Product Name" and "Short Description" fields are saved in the backe...

6.1CVSS5.7AI score0.00218EPSS
Exploits0References8
Rows per page
Query Builder