exploitDog

GHSA-r3cc-j9xh-27gw

Опубликовано: 27 апр. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info.

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info.

Ссылки

EPSS

Процентиль: 41%

0.00191

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-28448

CVSS3: 5.4

nvd

почти 4 года назад

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info.

EPSS

Процентиль: 41%

0.00191

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79