CVE-2025-65592
- Source
- https://cve.org/CVERecord?id=CVE-2025-65592
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65592.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-65592
- Published
- 2025-12-16T19:15:58.967Z
- Modified
- 2026-03-15T22:52:35.155843Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages.
- References
Affected packages
Git / github.com/nopsolutions/nopcommerce
Affected versions
release-1.*
release-1.70
release-1.80
release-1.90
release-2.*
release-2.00
release-2.10
release-2.20
release-2.30
release-2.40
release-2.50
release-2.60
release-2.65
release-2.70
release-2.80
release-3.*
release-3.00
release-3.10
release-3.20
release-3.30
release-3.40
release-3.50
release-3.60
release-3.70
release-3.80
release-3.80-beta
release-3.90
release-3.90-beta
release-4.*
release-4.00
release-4.00-beta
release-4.10
release-4.10-beta
release-4.20
release-4.20-beta
release-4.30
release-4.30-beta
release-4.30-release-candicate
release-4.40
release-4.40-beta
release-4.40.1
release-4.40.2
release-4.40.3
release-4.40.4
release-4.50.0
release-4.50.0-beta
release-4.50.0-rc
release-4.50.1
release-4.50.2
release-4.50.3
release-4.50.4
release-4.60
release-4.60.0
release-4.60.0-beta
release-4.60.1
release-4.60.2
release-4.60.3
release-4.60.4
release-4.60.5
release-4.60.6
release-4.70.0
release-4.70.1
release-4.70.2
release-4.70.3
release-4.70.4
release-4.70.5
release-4.80.0
release-4.80.0-beta
release-4.80.1
release-4.80.2
release-4.80.3
release-4.80.4
release-4.80.5
release-4.80.6
release-4.80.7
release-4.80.8
release-4.80.9
release-4.90.0
release-4.90.0-beta