CVE-2025-65590

Medium CVSS: 5.4

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area.

Vendor

Product

CWE

Yayın Tarihi

2025-12-16 19:15:58

Güncelleme

2025-12-19 16:42:56

Source Identifier

cve@mitre.org

KEV Date Added

CWE-79 Nopcommerce MEDIUM Nopcommerce 2025

https://seclists.org/fulldisclosure/2025/Dec/17 https://www.nopcommerce.com/ http://seclists.org/fulldisclosure/2025/Dec/17

High

CVE-2025-65593

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality.

Medium

CVE-2025-65591

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality.

Medium

CVE-2025-65592

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloa…

Medium

CVE-2025-65589

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality.

High

CVE-2025-11699

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination…

Medium

CVE-2021-42193

nopCommerce 4.40.3 is vulnerable to XSS in the Product Name at /Admin/Product/Edit/[id]. Each time a user views the prod…