CVE-2025-65592

Medium CVSS: 6.1

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages.

Vendor

Nopcommerce

Product

Nopcommerce

CWE

CWE-79

Yayın Tarihi

2025-12-16 19:15:58

Güncelleme

2025-12-19 16:40:13

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Nopcommerce MEDIUM Nopcommerce 2025

Referanslar

https://seclists.org/fulldisclosure/2025/Dec/19 https://www.nopcommerce.com/ http://seclists.org/fulldisclosure/2025/Dec/19

Benzer Kayıtlar

High

CVE-2025-65593

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality.

Medium

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Managemen…

Medium

CVE-2025-65591

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality.

Medium

CVE-2025-65589

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality.

High

CVE-2025-11699

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination…

Medium

CVE-2021-42193

nopCommerce 4.40.3 is vulnerable to XSS in the Product Name at /Admin/Product/Edit/[id]. Each time a user views the prod…