Andreimaz

**Name of the Vulnerable Software and Affected Versions** nopCommerce versions prior to 4.10 **Description** The issue concerns an XXE vulnerability in the LocalizationService.cs file. This vulnerability can be exploited via the "Configurations -> Languages -> Edit Language -> Import Resources -> Upload XML file" screen, allowing for potential XML eXternal Entity (XXE) attacks. **Recommendations** For versions prior to 4.10, as a temporary workaround, consider disabling the XML file upload functionality in the "Configurations -> Languages -> Edit Language -> Import Resources" section until a patch is available. Restrict access to the LocalizationService.cs file to minimize the risk of exploitation. Avoid using the XML upload feature in the affected screen until the issue is resolved.