Home

Description

nopCommerce 4.40.3 is vulnerable to XSS in the Product Name at /Admin/Product/Edit/[id]. Each time a user views the product in the shop, the XSS payload fires.

PUBLISHED Reserved 2021-10-11 | Published 2025-10-03 | Updated 2025-10-03 | Assigner mitre

References

nopcommerce.com

nop.com

cxsecurity.com/issue/WLB-2025100002

cve.org (CVE-2021-42193)

nvd.nist.gov (CVE-2021-42193)

Download JSON