AttackFeed by Joe Wagner | nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area  - Full Disclosure

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area  – Full Disclosure

Posted on By Joe-W No Comments on nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area  – Full Disclosure
Alert Feeds

 

Posted by Onur Tezcan via Fulldisclosure on Dec 15

[Attack Vectors]
      > It was detected that a Stored XSS vulnerability in the “Content Management” > “Blog posts” area. Malicious
HTML/JavaScript added to the Body overview field of a blog post is stored in the backend and executes when the blog
page is visited (http://localhost/blog/)

Assigned CVE code:
     > CVE-2025-65590

[Discoverer]
      > AlterSec t/a PenTest.NZ
 – Read More  – Full Disclosure 

You may also like

Alert Feeds
APPLE-SA-08-20-2025-3 macOS Sequoia 15.6.1  – Full Disclosure
September 8, 2025
Alert Feeds
CVE-2024-45438 – SpamTitan Unauthenticated User Creation  – Full Disclosure
September 8, 2025
Alert Feeds
2 vulnerabilities in Egovframe  – Full Disclosure
December 2, 2025
Alert Feeds
Stored Cross-Site Scripting (XSS) – Layout Functionality – totaljsv5013  – Full Disclosure
October 28, 2025

Leave a Reply

AttackFeed by Joe Wagner
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.