Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28448

April 26, 2022, 8:15 p.m. |

National Vulnerability Database nist.gov

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info.

cve

Security Engineer I, Offensive Security Penetration Testing

@ Amazon.com | US, TX, Virtual Location - Texas

Cyber Security Engineer

@ GWA Group | Derrimut, Victoria, Australia

Threat Intelligence Consultant- Remote (Anywhere in the U.S.)

@ GuidePoint Security LLC | Remote

Senior Cloud Security Engineer

@ Reddit | Atlanta, GA

Information Security Officer

@ Vix Technology | Cambridge, England, United Kingdom

Information Security Manager (12m FTC)

@ PlayStation Global | United Kingdom, London

Vulnerability Management Engineer (Qualys)

@ Aperia | Dallas, Texas, United States - Remote

Information Security Officer (US)

@ Form3 | 100% Remote - New York

Information Systems Security Officer (ISSO)

@ Spry Methods | Denver, CO

Client Manager - Cybersecurity - Nashville Enterprise

@ Optiv | Nashville, TN

Threat Analyst | Remote, USA

@ Optiv | Minneapolis, MN

Senior Cyber Security SME

@ Node.Digital | Dulles, Virginia, United States