CVE-2022-28448

Published April 26th, 2022

View on NVD ↗

CVSS v3

5.4

MEDIUM

CVSS v2

3.5

LOW

Affected

PROJECT

Description

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info.

nopSolutions/nopCommerce

ASP.NET Core eCommerce software. nopCommerce is a free and open-source shopping cart.

GitHub

10.1K