Lucene search
GoogleOSV:GHSA-P9QW-FH38-X37FHistoryMay 24, 2022 - 5:19 p.m.
OpenCart Cross-site Scripting
2022-05-2417:19:37
Google
osv.dev
6
opencart
cross-site scripting
remote authenticated users
image upload
entity encoding
cve-2020-10596
admin login
OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users’ image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596.
The vendor states “this is not a massive issue as you are still required to be logged into the admin.”
Related
github
github
OpenCart Cross-site Scripting
2022-05-24 17:19:37
Cross-site Scripting in OpenCart
2021-05-06 18:54:04
prion
prion
Design/Logic Flaw
2020-06-09 14:15:00
Design/Logic Flaw
2020-03-17 15:15:00
cvelist
cvelist
CVE-2020-13980
2020-06-09 13:44:50
CVE-2020-10596
2020-03-17 14:42:30
cve
cve
CVE-2020-13980
2020-06-09 14:15:10
CVE-2020-10596
2020-03-17 15:15:14
nvd
nvd
CVE-2020-13980
2020-06-09 14:15:10
CVE-2020-10596
2020-03-17 15:15:14
zdt
zdt
OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated) Vulnerability
2020-06-02 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-03-18 03:59:09
osv
osv
Cross-site Scripting in OpenCart
2021-05-06 18:54:04
CVE-2020-10596
2020-03-17 15:15:14
openvas
openvas
OpenCart < 3.0.3.3 XSS Vulnerability
2023-08-25 00:00:00
packetstorm
packetstorm
OpenCart 3.0.3.2 Cross Site Scripting
2020-06-03 00:00:00
exploitdb
exploitdb
OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated)
2020-06-02 00:00:00