Sign in Subscribe

← All advisories

Unrated severityOSV Advisory· Published Dec 16, 2025· Updated Dec 17, 2025

CVE-2025-65589

CVE-2025-65589

Description

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality.

Affected products

1

Nopsolutions/NopcommerceOSV
Range: release-1.70, release-1.80, release-1.90, …

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

seclists.org/fulldisclosure/2025/Dec/16mitre
www.nopcommerce.commitre

News mentions

0

No linked articles in our index yet.