CVE-2022-27461
MEDIUM
nopcommerce < 4.50.1 - Open Redirect via Crafted Authentication Link
Title source: llm
Description
In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.
References (2)
Core References
Vendor Advisory x_refsource_misc
http://nopcommerce.com
Exploit, Third Party Advisory x_refsource_misc
https://tf1t.gitbook.io/mycve/nopcommerce/open-redirect-on-nopcommerce-4.50.1
Scores
CVSS v3
6.1
EPSS
0.0070
EPSS Percentile
48.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (1)
nopcommerce/nopcommerce
< 4.50.1
Published
May 04, 2022
Tracked Since
Feb 18, 2026