Medium severity4.8NVD Advisory· Published Dec 9, 2019· Updated Jun 17, 2026
CVE-2019-19682
CVE-2019-19682
Description
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the vendor reportedly considers this a "feature" because the affected components are an HTML content editor.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- nopCommerce/nopCommercedescription
- Range: <=4.20
Patches
Vulnerability mechanics
References
1- github.com/klezVirus/cves/tree/master/NopCommerce/Cross-Site-ScriptingnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.