Vulnerabilities > Nopcommerce > Nopcommerce > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-26 | CVE-2022-28450 | Cross-site Scripting vulnerability in Nopcommerce 4.50.1 nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser. | 3.5 |
| 2022-04-26 | CVE-2022-28448 | Cross-site Scripting vulnerability in Nopcommerce 4.50.1 nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). | 3.5 |
| 2019-12-09 | CVE-2019-19682 | Cross-site Scripting vulnerability in Nopcommerce 4.20 nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. | 3.5 |