CNNVD-202512-2790 Information

CNNVD ID

CNNVD-202512-2790

Related CVE

CVE-2025-65590

• CNNVD Published: 2025-12-16

Description (Chinese)

nopCommerce是nopCommerce公司的一套开源的通用电子商务平台。 nopCommerce 4.90.0版本存在安全漏洞，该漏洞源于内容管理区域的Blog posts功能存在跨站脚本。

Description (English)

NopCommerce is an open-source common e-commerce platform for noopCommerce. There is a security loophole in version 4.90.0 of the nopCommerce, which stems from the presence of a cross-site script for the Blog posts function in the content management area.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

nopCommerce

Published

2025-12-16

Last Modified

2026-02-24

References

https://seclists.org/fulldisclosure/2025/Dec/17 https://www.nopcommerce.com/ http://seclists.org/fulldisclosure/2025/Dec/17

Patch

https://www.nopcommerce.com/en/download-nopcommerce