5 matches found
CVE-2020-10596
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section...
OpenCart Cross-site Scripting
OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you...
GHSA-P9QW-FH38-X37F OpenCart Cross-site Scripting
OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you...
OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated) Vulnerability
Exploit for php platform in category web applications Exploit Title: OpenCart 3.0.3.2 - Stored Cross Site Scripting Authenticated Exploit Author: Kailash Bohara Vendor Homepage: https://www.opencart.com Software Link: https://www.opencart.com/index.php?route=cms/download Version: OpenCart...
CVE-2020-10596
OpenCart CVE-2020-10596 is described as a cross-site scripting issue in OpenCart 3.0.3.2 where remote authenticated users can inject XSS via a crafted filename in the image upload section. Connected sources reiterate the same class of vulnerability and note that the issue arises from inadequate e...