NopCommerce Shopping CMS

According to its website, NopCommerce is one of the most popular ASP.NET shopping cart in the world based on Microsoft technologies.

During an independent assessment of version 4.20, multiple vulnerabilities were found to affect this product.

Table of contents

• CVE-2019-19685 - Cross-Site-Request-Forgery (CSRF)
• CVE-2019-19682 - Stored Cross-Site-Scripting
• CVE-2019-19684 - Privilege Escalation via Path Traversal
• CVE-2019-19684 - Privilege Escalation via unprotected Plugin Upload