Description: A stored cross-site scripting (XSS) vulnerability exists when creating a new post of nopCommerce version 4.50.1 that allows a remote attacker to execute arbitrary JavaScript code at client browser
Steps to reproduce the problem:
Step 1: Create new topic or reply topic with injecting [url]javascript:alert(document.domain)[/url] to "Text" parameter
Step2: Click a text javascript:alert(document.domain) at topic that was created in step 1 to trigger XSS
Let me know if you require additional information.
The text was updated successfully, but these errors were encountered:
nopCommerce version: 4.50.1
Description: A stored cross-site scripting (XSS) vulnerability exists when creating a new post of nopCommerce version 4.50.1 that allows a remote attacker to execute arbitrary JavaScript code at client browser
Steps to reproduce the problem:
[url]javascript:alert(document.domain)[/url]to "Text" parameterjavascript:alert(document.domain)at topic that was created in step 1 to trigger XSSLet me know if you require additional information.
The text was updated successfully, but these errors were encountered: