XXE Vulnerability in LocalizationService.cs in nopCommerce

XXE Vulnerability in LocalizationService.cs in nopCommerce

CVE-2019-11519 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the "Configurations -> Languages -> Edit Language -> Import Resources -> Upload XML file" screen.

Learn more about our Web Application Penetration Testing UK.