Cross Site Scripting (XSS) Vulnerability in nopCommerce 4.50.1
CVE-2022-28448 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info.
Learn more about our Web Application Penetration Testing UK.