CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-65592

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.6%

CVSS Severity

CVSS v3 Score 6.1

References

https://seclists.org/fulldisclosure/2025/Dec/19
https://www.nopcommerce.com/
http://seclists.org/fulldisclosure/2025/Dec/19

Products affected by CVE-2025-65592

Nopcommerce » Nopcommerce » Version: 4.90.0

cpe:2.3:a:nopcommerce:nopcommerce:4.90.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-65592

Products

Pricing

Contact Us