CVE-2024-58248

Low CVSS: 3.5

nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards.

Vendor

Product

CWE

Yayın Tarihi

2025-04-16 14:15:23

Güncelleme

2025-12-19 17:14:34

Source Identifier

cve@mitre.org

KEV Date Added

CWE-362 Nopcommerce LOW Nopcommerce 2025

https://github.com/Fabian-For/Vulnerability-Research/blob/main/CVE-2024-58248/README.md https://github.com/nopSolutions/nopCommerce/issues/7325 https://www.nopcommerce.com/en/release-notes

High

CVE-2025-65593

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality.

Medium

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Managemen…

Medium

CVE-2025-65591

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality.

Medium

CVE-2025-65592

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloa…

Medium

CVE-2025-65589

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality.

High

CVE-2025-11699

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination…