CVE-2025-65592 Security Details

CVE ID

CVE-2025-65592

CWE

CWE-79

CVE Description

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages.

Published

Dec 22, 2025

CVSS Score & Severity

6.1Medium

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.039%

Malware

malware

KEV Status

Not in KEV Catalog: No known exploits

Affected Ecosystems

affected

Source

National Vulnerability Database

References

http://seclists.org/fulldisclosure/2025/Dec/19THIRD_PARTY