exploitDog

CVE-2025-65592

Опубликовано: 16 дек. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages.

Ссылки

https://seclists.org/fulldisclosure/2025/Dec/19
Mailing List
Third Party Advisory
https://www.nopcommerce.com/
Product
http://seclists.org/fulldisclosure/2025/Dec/19
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nopcommerce:nopcommerce:4.90.0:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00031

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-hqjq-rf2f-3m33

CVSS3: 6.1

github

около 2 месяцев назад

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages.

EPSS

Процентиль: 9%

0.00031

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79