CVE-2025-65592

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

16/12/2025

Last modified:

16/12/2025

Description

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages.

Impact

References to Advisories, Solutions, and Tools

https://seclists.org/fulldisclosure/2025/Dec/19
https://www.nopcommerce.com/
http://seclists.org/fulldisclosure/2025/Dec/19