Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2022-28451

Disclosure Date: May 02, 2022 (last updated February 23, 2025)
nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-28450

Disclosure Date: April 26, 2022 (last updated February 23, 2025)
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-28449

Disclosure Date: April 26, 2022 (last updated February 23, 2025)
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature, an attacker can upload an arbitrary file to the system.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-28448

Disclosure Date: April 26, 2022 (last updated February 23, 2025)
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0