CNNVD-202512-082 Information
CNNVD ID
CNNVD-202512-082
Related CVE
- CNNVD Published: 2025-12-01
Description (Chinese)
nopCommerce是nopCommerce公司的一套开源的通用电子商务平台。 nopCommerce 4.70之前版本和4.80.3版本存在安全漏洞,该漏洞源于注销或会话终止后未使会话cookie失效,可能导致会话劫持。
Description (English)
NopCommerce is an open-source common e-commerce platform for noopCommerce. There is a security loophole in previous versions of nopCommerce 4.70 and 4.80.3, which stems from the failure to invalidate the session cookie after cancellation or termination, which could lead to the hijacking of the session.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
nopCommerce
Published
2025-12-01
Last Modified
2026-02-24
References
https://www.kb.cert.org/vuls/id/633103 https://www.nopcommerce.com/en/release-notes?srsltid=AfmBOoravPKjN19pm_XZbXZ7GvPhkt8cxlK6794BJRZlY5RxJU_yNoTT https://github.com/nopSolutions/nopCommerce/issues/7044 https://seclists.org/fulldisclosure/2025/Aug/14 https://access.redhat.com/security/cve/cve-2025-11699
Patch
https://github.com/nopSolutions/nopCommerce/releases
Share on: