CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-28450

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.0%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://github.com/nopSolutions/nopCommerce/issues/6194
https://github.com/nopSolutions/nopCommerce/issues/6194

Products affected by CVE-2022-28450

Nopcommerce » Nopcommerce » Version: 4.50.1

cpe:2.3:a:nopcommerce:nopcommerce:4.50.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-28450

Products

Pricing

Contact Us