Nopcommerce: community verdicts
3 notable / known-exploited Nopcommerce CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Nopcommerce CVE, see NVD ↗.
- CVE-2022-33077HIGH 7.5Real · low riskEPSS 1%
An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint.
- CVE-2022-27461MED 6.1EPSS 1%
In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.
- CVE-2021-42193MED 6.1EPSS 0%
nopCommerce 4.40.3 is vulnerable to XSS in the Product Name at /Admin/Product/Edit/[id]. Each time a user views the product in the shop, the XSS payload fires.