CVE-2022-28448

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info.
References
Link Resource
https://github.com/nopSolutions/nopCommerce/issues/6191 Exploit Issue Tracking
Configurations

Configuration 1

cpe:2.3:a:nopcommerce:nopcommerce:4.50.1:*:*:*:*:*:*:*

Information

Published : 2022-04-26 08:15

Updated : 2022-05-04 07:47


NVD link : CVE-2022-28448

Mitre link : CVE-2022-28448

Products Affected
No products.
CWE