CVE Catalog
CVE-2021-42193
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk0.23%
13th percentile - higher than 13% of all known CVEs
Summary
nopCommerce 4.40.3 is vulnerable to XSS in the Product Name field at /Admin/Product/Edit/[id]. Each time a user views the product in the shop, the XSS payload fires.
Risk Assessment
An attacker can inject a malicious script that executes in every user's browser when viewing the product page, potentially leading to session theft, redirects, or data theft.
Recommendation
Immediately update nopCommerce to the latest version and apply proper input filtering and encoding for the Product Name field.
Original NVD description (English source)
nopCommerce 4.40.3 is vulnerable to XSS in the Product Name at /Admin/Product/Edit/[id]. Each time a user views the product in the shop, the XSS payload fires.

