PT-2025-51771 · Unknown · Nopcommerce
Published 2025-12-16 · Updated 2025-12-21 · CVE-2025-65592
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
nopCommerce version 4.90.0
Description
The software contains a cross-site scripting (XSS) issue within the product management functionality. Malicious payloads entered into the "Product Name" and "Short Description" fields are saved in the backend database and automatically executed when a user views the affected pages. The vulnerable parameters are Product Name and Short Description.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Affected Products
Nopcommerce