Lucene search

CVE-2024-21516

🗓️ 22 Jun 2024 05:10:15Reported by snykType

cve🔗 web.nvd.nist.gov👁 39 Views🌐 WEB

Vulnerability in opencart/opencart 4.0.0.0 allows reflected XSS attack via admin/common/filemanager.list, leading to admin token exposure and potential privilege escalation. Incomplete fix allows exploitation even after redirect removal

Reporter	Title	Published	Views	Family All 7
OSV	BIT-OPENCART-2024-21516	25 Jun 202411:58	–	osv
OSV	GHSA-PQHQ-77PW-763C Cross site scripting in opencart	22 Jun 202406:30	–	osv
OSV	CVE-2024-21516	22 Jun 202405:15	–	osv
Github Security Blog	Cross site scripting in opencart	22 Jun 202406:30	–	github
Cvelist	CVE-2024-21516	22 Jun 202405:00	–	cvelist
NVD	CVE-2024-21516	22 Jun 202405:15	–	nvd
Vulnrichment	CVE-2024-21516	22 Jun 202405:00	–	vulnrichment

Nvd

Node

opencart opencartRange4.0.0.0≥

[
  {
    "product": "opencart/opencart",
    "versions": [
      {
        "version": "4.0.0.0",
        "lessThan": "4.1.0.0",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "vendor": "n/a"
  }
]

Source	Link
security	www.security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266576
github	www.github.com/opencart/opencart/commit/c546199e8f100c1f3797a7a9d3cf4db1887399a2

Parameter	Position	Path	Description	CWE
directory	query param	/admin/common/filemanager.list	Reflected XSS vulnerability in the directory parameter that can be exploited to obtain a user's token.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

22 Jun 2024 05:15Current

4.8Medium risk

Vulners AI Score4.8

CVSS34.2 - 4.7

CVSS41.2

EPSS0.00046

SSVC

CWE-79