CVE-2025-65589

Medium CVSS: 6.1

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality.

Vendor

Product

CWE

Yayın Tarihi

2025-12-16 18:16:14

Güncelleme

2025-12-19 16:43:38

Source Identifier

cve@mitre.org

KEV Date Added

CWE-79 Nopcommerce MEDIUM Nopcommerce 2025

https://seclists.org/fulldisclosure/2025/Dec/16 https://www.nopcommerce.com/ http://seclists.org/fulldisclosure/2025/Dec/16

High

CVE-2025-65593

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality.

Medium

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Managemen…

Medium

CVE-2025-65591

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality.

Medium

CVE-2025-65592

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloa…

High

CVE-2025-11699

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination…

Medium

CVE-2021-42193

nopCommerce 4.40.3 is vulnerable to XSS in the Product Name at /Admin/Product/Edit/[id]. Each time a user views the prod…