Nopcommerce
1-7 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-33077 | | Hig | 0.49 | 7.5 | 0.01 | | Oct 19, 2022 | An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint. |
| CVE-2022-26954 | | Med | 0.40 | 6.1 | 0.01 | | Oct 20, 2022 | Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) SignInCustomerAsync… |
| CVE-2022-27461 | | Med | 0.40 | 6.1 | 0.01 | | May 4, 2022 | In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link. |
| CVE-2022-28449 | | Med | 0.40 | 6.1 | 0.01 | | Apr 26, 2022 | nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature, an attacker can upload an arbitrary file to the system. |
| CVE-2022-28450 | | Med | 0.35 | 5.4 | 0.01 | | Apr 26, 2022 | nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser. |
| CVE-2022-28448 | | Med | 0.35 | 5.4 | 0.00 | | Apr 26, 2022 | nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info. |
| CVE-2022-28451 | | Hig | 0.00 | 7.5 | 0.01 | | May 2, 2022 | nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature. |