Vulmon
nopcommerce nopcommerce vulnerabilities and exploits
5.8
CVSSv2
CVE-2022-27461
In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.
Nopcommerce Nopcommerce
NA
CVE-2022-33077
An access control issue in nopcommerce v4.50.2 allows malicious users to arbitrarily modify any customer's address via the addressedit endpoint.
Nopcommerce Nopcommerce
NA
CVE-2022-26954
Multiple open redirect vulnerabilities in NopCommerce 4.10 up to and including 4.50.1 allow remote malicious users to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) Sign...
Nopcommerce Nopcommerce
4
CVSSv2
CVE-2019-11519
Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce up to and including 4.10 allows XXE via the "Configurations -> Languages -> Edit Language -> Import Resources -> Upload XML file" screen.
Nopcommerce Nopcommerce
3.5
CVSSv2
CVE-2022-28448
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject JavaScript code into First name or Last name at Customer Info.
Nopcommerce Nopcommerce 4.50.1
4.3
CVSSv2
CVE-2022-28449
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). In the Apply for vendor account feature, an attacker can upload an arbitrary file to the system.
Nopcommerce Nopcommerce 4.50.1
3.5
CVSSv2
CVE-2022-28450
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote malicious user to execute arbitrary JavaScript code in the client's browser.
Nopcommerce Nopcommerce 4.50.1
5
CVSSv2
CVE-2022-28451
nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature.
Nopcommerce Nopcommerce 4.50.1
9
CVSSv2
CVE-2019-19683
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs.
Nopcommerce Nopcommerce 4.20
6.5
CVSSv2
CVE-2019-19684
nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin.
Nopcommerce Nopcommerce 4.20