CVE-2021-42193

Medium CVSS: 6.1

nopCommerce 4.40.3 is vulnerable to XSS in the Product Name at /Admin/Product/Edit/[id]. Each time a user views the product in the shop, the XSS payload fires.

Vendor

Nopcommerce

Product

Nopcommerce

CWE

CWE-79

Yayın Tarihi

2025-10-03 17:15:45

Güncelleme

2025-12-19 17:07:54

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Nopcommerce MEDIUM Nopcommerce 2025

Referanslar

http://nop.com http://nopcommerce.com https://cxsecurity.com/issue/WLB-2025100002

Benzer Kayıtlar

High

CVE-2025-65593

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality.

Medium

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Managemen…

Medium

CVE-2025-65591

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality.

Medium

CVE-2025-65592

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloa…

Medium

CVE-2025-65589

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality.

High

CVE-2025-11699

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination…