Vulnerability Description
In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nopcommerce | Nopcommerce | <= 4.50.1 |
Related Weaknesses (CWE)
References
- http://nopcommerce.comVendor Advisory
- https://tf1t.gitbook.io/mycve/nopcommerce/open-redirect-on-nopcommerce-4.50.1ExploitThird Party Advisory
- http://nopcommerce.comVendor Advisory
- https://tf1t.gitbook.io/mycve/nopcommerce/open-redirect-on-nopcommerce-4.50.1ExploitThird Party Advisory
FAQ
What is CVE-2022-27461?
CVE-2022-27461 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.
How severe is CVE-2022-27461?
CVE-2022-27461 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-27461?
Check the references section above for vendor advisories and patch information. Affected products include: Nopcommerce Nopcommerce.