VYPR

nopcommerce

by Nopcommerce

CVEs (7)

  • CVE-2022-33077 · High · Oct 19, 2022
    risk 0.49 · cvss 7.5 · epss 0.01

    An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint.

  • CVE-2022-26954 · Medium · Oct 20, 2022
    risk 0.40 · cvss 6.1 · epss 0.01

    Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) SignInCustomerAsync…

  • CVE-2022-27461 · Medium · May 4, 2022
    risk 0.40 · cvss 6.1 · epss 0.01

    In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.

  • CVE-2022-28449 · Medium · Apr 26, 2022
    risk 0.40 · cvss 6.1 · epss 0.01

    nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). In the "Apply for vendor account" feature, an attacker can upload an arbitrary file to the system.

  • CVE-2022-28450 · Medium · Apr 26, 2022
    risk 0.35 · cvss 5.4 · epss 0.01

    nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code in the client's browser.

  • CVE-2022-28448 · Medium · Apr 26, 2022
    risk 0.35 · cvss 5.4 · epss 0.00

    nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker with the customer role can inject JavaScript code into First name or Last name in Customer Info.

  • CVE-2022-28451 · High · May 2, 2022
    risk 0.00 · cvss 7.5 · epss 0.01

    nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature.