The vulnerability is a reflected XSS in the discountcode URL parameter. If an invalid discount code is entered, the value is reflected directly in the response without HTML encoding. This was tested on Google Chrome, Firefox and Edge with a fresh install of nopCommerce. I have attached a screenshot of the PoC.
The cause of the issue is the following line:
nopCommerce/src/Presentation/Nop.Web.Framework/Mvc/Filters/CheckDiscountCouponAttribute.cs, line 134 in 879275b
The same code exists in the 4.3.0 release tag as well:
nopCommerce/src/Presentation/Nop.Web.Framework/Mvc/Filters/CheckDiscountCouponAttribute.cs, line 132 in 9f6002d
Let me know if you require additional information.
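
Added example, not part of the original report and not nopCommerce code: a minimal C# model of the pattern described above, where a request value is written into markup as-is, next to the encoded form and a regression check. The class name, message text and test value are assumptions made for illustration.

```csharp
using System;
using System.Net;

// Hypothetical stand-in for a filter that reports an invalid coupon code;
// names and message text are assumptions, not nopCommerce code.
public static class CouponNotice
{
    // Pattern described in the report: request value placed into markup as-is.
    public static string BuildUnencoded(string discountCode) =>
        $"<div class=\"notice\">Coupon code {discountCode} is not valid</div>";

    // Hardened form: encode the untrusted value for the HTML body context
    // at the point where it is written into the response.
    public static string BuildEncoded(string discountCode) =>
        $"<div class=\"notice\">Coupon code {WebUtility.HtmlEncode(discountCode ?? string.Empty)} is not valid</div>";

    // Regression check: the span that carries the reflected value must not
    // contain characters that can open a tag or close an attribute.
    public static bool ValueIsInert(string html, string prefix, string suffix)
    {
        int start = html.IndexOf(prefix, StringComparison.Ordinal) + prefix.Length;
        int end = html.LastIndexOf(suffix, StringComparison.Ordinal);
        string reflected = html.Substring(start, end - start);
        return reflected.IndexOfAny(new[] { '<', '>', '"', '\'' }) < 0;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed, harmless test value containing markup-significant characters.
        string code = "<b>SAVE10</b>\"'&";
        const string prefix = "Coupon code ", suffix = " is not valid";

        string before = CouponNotice.BuildUnencoded(code);
        string after = CouponNotice.BuildEncoded(code);

        Console.WriteLine(before);
        Console.WriteLine(after);
        Console.WriteLine($"unencoded inert: {CouponNotice.ValueIsInert(before, prefix, suffix)}");
        Console.WriteLine($"encoded inert:   {CouponNotice.ValueIsInert(after, prefix, suffix)}");
    }
}
```

`WebUtility.HtmlEncode` is correct for values written into HTML body text; a value written into a JavaScript string or a URL needs the encoder for that context instead.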
