Nopcommerce: >> Nopcommerce >> 4.30 Security Vulnerabilities
Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) SignInCustomerAsync function, (3) SuccessfulAuthentication method, or (4) NopRedirectResultExecutor class.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-10-20
An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-10-19
In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-05-04
In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-02-08