Updated XSS Vulnerability

[iamtron01]

nopCommerce version: 4.70.1

Good day,

• I previously reported this issue on 6/9/2024, but I can no longer access the issue here on GitHub.
• The link below is part of 4.70.2 and was released several hours after I first reported the issue on 6/9/2024 appears to have resolved the issue.
• https://github.com/nopSolutions/nopCommerce/commit/13f3d2f6cc4ccf8ea6e09d49198abfcdfbb7e435

Steps to reproduce the problem:

1. Download Nop Commerce 4.70.1 with Source Code
2. Open Solution in Visual Studio, 2022
3. Run Solution and go through setup wizard, include sample data
4. Login as a customer
5. Click on a product
6. Click Add your review
7. For Review title enter,
8. For Review text enter,
9. Click Submit Review

Please acknowledge

See attachments: Popup, request/response from Nop 4.70.1, request/response from Nop 4.70.2

[AndreiMaz]

@iamtron01 Thanks a lot for reporting. You're right. We've already fixed it in the mentioned commit