You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description: A stored cross-site scripting (XSS) vulnerability exists when creating a new post of nopCommerce version 4.50.1 that allows a remote attacker to execute arbitrary JavaScript code at client browser
Steps to reproduce the problem:
Step 1: Create new topic or reply topic with injecting [url]javascript:alert(document.domain)[/url] to "Text" parameter
Step2: Click a text javascript:alert(document.domain) at topic that was created in step 1 to trigger XSS
Let me know if you require additional information.