CVE-2021-42193

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions nopCommerce version 4.40.3

Description The software contains a flaw that allows for cross-site scripting (XSS) in the Product Name field within the '/Admin/Product/Edit/[id]' API endpoint. When a user views a product in the shop, the XSS payload is triggered. The vulnerable parameter is id.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize user inputs for the Product Name field to prevent the injection of malicious scripts.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-42193

Affected Products

Nopcommerce

CVE-2021-42193

Weakness Enumeration

Related Identifiers

Affected Products

References · 7