exploitDog

GHSA-4cxq-fp26-wf3w

Опубликовано: 27 апр. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser.

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser.

Ссылки

EPSS

Процентиль: 36%

0.00154

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-28450

CVSS3: 5.4

nvd

почти 4 года назад

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser.

EPSS

Процентиль: 36%

0.00154

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79