📦 Nopcommerce

nopCommerce 4.90.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in its Schedule Tasks functionality. This allows attackers to trick authenticated administrators into performing unauthori...

nopCommerce versions 4.70 and prior, and specifically version 4.80.3, fail to properly invalidate session cookies after logout or session termination. This allows attackers with a valid session cookie...

nopCommerce 4.90.0 contains a stored cross-site scripting vulnerability in the blog posts functionality of its content management system. Attackers can inject malicious scripts that execute when admin...

nopCommerce 4.90.0 contains a cross-site scripting vulnerability in its Currencies functionality that allows attackers to inject malicious scripts into web pages. This affects administrators and users...

nopCommerce 4.90.0 has a stored cross-site scripting (XSS) vulnerability in product management functionality. Attackers can inject malicious scripts into product name and short description fields, whi...

nopCommerce 4.90.0 contains a cross-site scripting vulnerability in the Attributes functionality that allows attackers to inject malicious scripts into web pages. This affects all users of nopCommerce...

This vulnerability allows attackers to inject malicious scripts into product review fields in nopCommerce 4.70.1. When users view these reviews, the scripts execute in their browsers, potentially stea...