Nopcommerce: >> Nopcommerce >> 4.70.1 Security Vulnerabilities
nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards.
CVSS Score
3.5
EPSS Score
0.001
Published
2025-04-16
Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) via the combined "AddProductReview.Title" and "AddProductReview.ReviewText" parameter(s) (Reviews) when creating a new review.
CVSS Score
6.1
EPSS Score
0.011
Published
2024-07-09