[FD] nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality
- To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
- Subject: [FD] nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality
- From: Onur Tezcan via Fulldisclosure <fulldisclosure@xxxxxxxxxxxx>
- Date: Fri, 12 Dec 2025 15:11:01 +0000
[Attack Vectors]
> A Cross-Site Request Forgery (CSRF) vulnerability was identified on
the "Run now" button of the Schedule tasks functionality. Exploiting this
vulnerability, an attacker can run a scheduled task without the victim user's
consent or knowledge.
Assigned CVE code:
> CVE-2025-65593
[Discoverer]
> AlterSec t/a PenTest.NZ