Vulnerability Details CVE-2019-11519
Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the "Configurations -> Languages -> Edit Language -> Import Resources -> Upload XML file" screen.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.1%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 4.0
References
Products affected by CVE-2019-11519
-
cpe:2.3:a:nopcommerce:nopcommerce:1.70
-
cpe:2.3:a:nopcommerce:nopcommerce:1.80
-
cpe:2.3:a:nopcommerce:nopcommerce:1.90
-
cpe:2.3:a:nopcommerce:nopcommerce:2.00
-
cpe:2.3:a:nopcommerce:nopcommerce:2.10
-
cpe:2.3:a:nopcommerce:nopcommerce:2.20
-
cpe:2.3:a:nopcommerce:nopcommerce:2.30
-
cpe:2.3:a:nopcommerce:nopcommerce:2.40
-
cpe:2.3:a:nopcommerce:nopcommerce:2.50
-
cpe:2.3:a:nopcommerce:nopcommerce:2.60
-
cpe:2.3:a:nopcommerce:nopcommerce:2.65
-
cpe:2.3:a:nopcommerce:nopcommerce:2.70
-
cpe:2.3:a:nopcommerce:nopcommerce:2.80
-
cpe:2.3:a:nopcommerce:nopcommerce:3.00
-
cpe:2.3:a:nopcommerce:nopcommerce:3.10
-
cpe:2.3:a:nopcommerce:nopcommerce:3.20
-
cpe:2.3:a:nopcommerce:nopcommerce:3.30
-
cpe:2.3:a:nopcommerce:nopcommerce:3.40
-
cpe:2.3:a:nopcommerce:nopcommerce:3.50
-
cpe:2.3:a:nopcommerce:nopcommerce:3.60
-
cpe:2.3:a:nopcommerce:nopcommerce:3.70
-
cpe:2.3:a:nopcommerce:nopcommerce:3.80
-
cpe:2.3:a:nopcommerce:nopcommerce:3.90
-
cpe:2.3:a:nopcommerce:nopcommerce:4.00
-
cpe:2.3:a:nopcommerce:nopcommerce:4.10