Lucene search
MitreCVELIST:CVE-2020-13980HistoryJun 09, 2020 - 1:44 p.m.
CVE-2020-13980
2020-06-0913:44:50
mitre
www.cve.org
1
OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users’ image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you are still required to be logged into the admin.
References
Related
osv
osv
OpenCart Cross-site Scripting
2022-05-24 17:19:37
Cross-site Scripting in OpenCart
2021-05-06 18:54:04
CVE-2020-10596
2020-03-17 15:15:14
github
github
OpenCart Cross-site Scripting
2022-05-24 17:19:37
Cross-site Scripting in OpenCart
2021-05-06 18:54:04
prion
prion
Design/Logic Flaw
2020-06-09 14:15:00
Design/Logic Flaw
2020-03-17 15:15:00
cve
cve
CVE-2020-13980
2020-06-09 14:15:10
CVE-2020-10596
2020-03-17 15:15:14
nvd
nvd
CVE-2020-13980
2020-06-09 14:15:10
CVE-2020-10596
2020-03-17 15:15:14
zdt
zdt
OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated) Vulnerability
2020-06-02 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-03-18 03:59:09
cvelist
cvelist
CVE-2020-10596
2020-03-17 14:42:30
openvas
openvas
OpenCart < 3.0.3.3 XSS Vulnerability
2023-08-25 00:00:00
packetstorm
packetstorm
OpenCart 3.0.3.2 Cross Site Scripting
2020-06-03 00:00:00
exploitdb
exploitdb
OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated)
2020-06-02 00:00:00