Iamtron01

**Name of the Vulnerable Software and Affected Versions** Nopcommerce version 4.70.1 **Description** The issue is related to Cross Site Scripting (XSS) via the combined `AddProductReview.Title` and `AddProductReview.ReviewText` parameters when creating a new review. This allows for potential malicious script execution. **Recommendations** For Nopcommerce version 4.70.1, as a temporary workaround, consider restricting the use of the `AddProductReview.Title` and `AddProductReview.ReviewText` parameters in the review creation process until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.