Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) SignInCustomerAsync function, (3) SuccessfulAuthentication method, or (4) NopRedirectResultExecutor class.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
nopCommerce 输入验证错误漏洞
Vulnerability Description
nopCommerce是一套开源的通用电子商务平台。 nopCommerce 4.10 到 4.50.1版本存在安全漏洞,该漏洞源于ChangePassword 函数、SignInCustomerAsync 函数、SuccessAuthentication 方法、NopRedirectResultExecutor 类存在开放重定向,攻击者利用该漏洞可以通过 returnUrl 参数将用户重定向到攻击者控制的网站来进行网络钓鱼攻击。
CVSS Information
N/A
Vulnerability Type
N/A