nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area.Referenceshttps://www.nopcommerce.com/https://seclists.org/fulldisclosure/2025/Dec/17
