Cross-Site Scripting (XSS) and Arbitrary File Upload Vulnerability in nopCommerce 4.50.1

CVE-2022-28449 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature, an attacker can upload an arbitrary file to the system.

Learn more about our Web Application Penetration Testing UK.