CVE-2025-65593

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery CSRF via the Schedule Tasks functionality...

EUVD-2025-203832

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery CSRF via the Schedule Tasks functionality...

Cross-site Request Forgery (CSRF)

Overview NopCommerce.Nop.Core is an A set of core classes for nopCommerce, such as caching, events, helpers, and business objects for example, Order and Customer entities. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the "Run now" button of the "Schedule...

Cross-site Request Forgery (CSRF)

Overview NopCommerce.Core is an open-source e-commerce shopping cart solution. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the "Run now" button of the "Schedule Tasks" functionality. An attacker can run a scheduled task without the victim users consent ...

CVE-2025-65593

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery CSRF via the Schedule Tasks functionality...

CVE-2025-65593

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery CSRF via the Schedule Tasks functionality...

CVE-2025-65593

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery CSRF via the Schedule Tasks functionality...

CVE-2025-65593

CVE-2025-65593 affects nopCommerce 4.90.0 and is described across multiple sources as a CSRF vulnerability exposed via the Schedule Tasks functionality. The described vector is CSRF via the Run now/schedule-action flow, enabling an attacker to trigger scheduled tasks on behalf of an authenticated...

PT-2025-51778

Name of the Vulnerable Software and Affected Versions nopCommerce version 4.90.0 Description The software is susceptible to Cross Site Request Forgery CSRF through the Schedule Tasks functionality. This allows an attacker to potentially perform actions on behalf of an authenticated user without...

CVE-2025-65593

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery CSRF via the Schedule Tasks functionality...

nopCommerce 安全漏洞

nopCommerce is an open source, general purpose e-commerce platform from nopCommerce, Inc. A security vulnerability exists in nopCommerce version 4.90.0 that stems from a cross-site request forgery in the Schedule Tasks feature...

EUVD-2020-21843

Malware in sbrugna...

CVE-2020-29475

nopCommerce Store 4.30 is affected by cross-site scripting XSS in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the...

IcedID Circulates Via Web Forms, Google URLs

Website contact forms and Google URLs are being used to spread the IcedID trojan, according to researchers at Microsoft. Attackers are using “contact us” forms on websites to send emails targeting organizations with trumped-up legal threats, researchers said. The messages consistently mention a...

CVE-2020-29475

nopCommerce Store 4.30 is affected by cross-site scripting XSS in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the...

Cross site scripting

nopCommerce Store 4.30 is affected by cross-site scripting XSS in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the...

CVE-2020-29475

nopCommerce Store 4.30 is affected by cross-site scripting XSS in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the...

CVE-2020-29475

nopCommerce Store 4.30 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Schedule tasks name field. The root cause is insufficient input sanitization, allowing an attacker to inject an XSS payload that triggers when users visit the affected page, potentially stealing cookies...

nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting

Exploit Title: nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting Date: 24-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.nopcommerce.com/ Version: 4.30 Tested on: Windows 10/Kali Linux CVE: CVE-2020-29475 Stored Cross-site scriptingXSS: Stored XSS, also...

nopCommerce Store 4.30 Cross Site Scripting

Exploit Title: nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting Date: 24-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.nopcommerce.com/ Version: 4.30 Tested on: Windows 10/Kali Linux Stored Cross-site scriptingXSS: Stored XSS, also known as persistent...