CNNVD-202512-2787 Information

CNNVD ID

CNNVD-202512-2787

Related CVE

CVE-2025-65592

• CNNVD Published: 2025-12-16

Description (Chinese)

nopCommerce是nopCommerce公司的一套开源的通用电子商务平台。 nopCommerce 4.90.0版本存在安全漏洞，该漏洞源于产品管理功能存在跨站脚本，可能导致恶意载荷自动执行。

Description (English)

NopCommerce is an open-source common e-commerce platform for noopCommerce. There is a safety gap in version 4.90.0 of nopCommerce, which stems from the existence of a cross-site script for product management functions, which may lead to the automatic execution of malicious payloads.

Hazard Level

High

Vulnerability Type

其他

Published

2025-12-16

Last Modified

2026-02-24

References

https://seclists.org/fulldisclosure/2025/Dec/19 https://www.nopcommerce.com/ http://seclists.org/fulldisclosure/2025/Dec/19

Patch

https://www.nopcommerce.com/en/download-nopcommerce