CVE-2025-65592

Description

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages.

PUBLISHED Reserved 2025-11-18 | Published 2025-12-16 | Updated 2025-12-17 | Assigner mitre

References

seclists.org/fulldisclosure/2025/Dec/19

www.nopcommerce.com/

seclists.org/fulldisclosure/2025/Dec/19

cve.org (CVE-2025-65592)

nvd.nist.gov (CVE-2025-65592)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.