XXE Vulnerability in LocalizationService.cs in nopCommerce
CVE-2019-11519 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:N/A:N
Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the "Configurations -> Languages -> Edit Language -> Import Resources -> Upload XML file" screen.
Learn more about our Web Application Penetration Testing UK.