[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area
From: Onur Tezcan via Fulldisclosure <fulldisclosure@xxxxxxxxxxxx>
Date: Fri, 12 Dec 2025 14:37:07 +0000

 [Attack Vectors]
      > It was detected that a Stored XSS vulnerability in the "Content 
Management" > "Blog posts" area. Malicious HTML/JavaScript added to the Body 
overview field of a blog post is stored in the backend and executes when the 
blog page is visited (http://localhost/blog/)

Assigned CVE code:
       > CVE-2025-65590

 [Discoverer]
      > AlterSec t/a PenTest.NZ

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Prev by Date: [FD] nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality
Next by Date: [FD] nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality.
Previous by thread: [FD] nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality
Next by thread: [FD] nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality.
Index(es):
- Date
- Thread