OpenCart < 3.0.3.3 XSS Vulnerability

OpenCart is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:opencart:opencart"...

OpenCart Cross-site Scripting

OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you...

OpenCart Cross-Site Scripting Vulnerability (CNVD-2020-35932)

OpenCart is an open source e-commerce system OpenCart company in Hong Kong, China . The system provides product reviews, product ratings, product additions and other modules. A cross-site scripting vulnerability exists in OpenCart version 3.0.3.3. The vulnerability stems from a lack of proper...

CVE-2020-13980

OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you...

CVE-2020-13980

OpenCart 3.0.3.3 is vulnerable to a cross-site scripting (XSS) issue triggered by a crafted filename in the users’ image upload section. The root cause is a lack of proper entity encoding in filenames, and this issue is noted as a follow-up to an incomplete fix for CVE-2020-10596. The vulnerabili...

PT-2020-13815 · Opencart · Opencart

Name of the Vulnerable Software and Affected Versions: OpenCart version 3.0.3.3 Description: The issue allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. This problem exists due to an incomplete...