Lucene search
Veracode Vulnerability DatabaseVERACODE:22740HistoryMar 18, 2020 - 3:59 a.m.
Cross-Site Scripting (XSS)
2020-03-1803:59:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
EPSS
0.001
Percentile
48.5%
Opencart is vulnerable to cross-site scripting (XSS). The attack is possible because it does not sanitize the filename argument in the image upload section of admin panel, allowing an attacker to inject malicious script and get the script executed when a user visits the Image manager section.
References
packetstormsecurity.com/files/157908/OpenCart-3.0.3.2-Cross-Site-Scripting.html
github.com/opencart/opencart/blob/4ba536198a4638b6d3902a7c720ce8503b0dc394/upload/admin/controller/common/filemanager.php#L80-L82
github.com/opencart/opencart/blob/4ba536198a4638b6d3902a7c720ce8503b0dc394/upload/admin/controller/common/filemanager.php#L87-L91
github.com/opencart/opencart/issues/7810
Related
zdt
zdt
OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated) Vulnerability
2020-06-02 00:00:00
github
github
Cross-site Scripting in OpenCart
2021-05-06 18:54:04
OpenCart Cross-site Scripting
2022-05-24 17:19:37
cvelist
cvelist
CVE-2020-10596
2020-03-17 14:42:30
CVE-2020-13980
2020-06-09 13:44:50
osv
osv
Cross-site Scripting in OpenCart
2021-05-06 18:54:04
CVE-2020-10596
2020-03-17 15:15:14
OpenCart Cross-site Scripting
2022-05-24 17:19:37
nvd
nvd
CVE-2020-10596
2020-03-17 15:15:14
CVE-2020-13980
2020-06-09 14:15:10
cve
cve
CVE-2020-10596
2020-03-17 15:15:14
CVE-2020-13980
2020-06-09 14:15:10
prion
prion
Design/Logic Flaw
2020-03-17 15:15:00
Design/Logic Flaw
2020-06-09 14:15:00
openvas
openvas
OpenCart < 3.0.3.3 XSS Vulnerability
2023-08-25 00:00:00
packetstorm
packetstorm
OpenCart 3.0.3.2 Cross Site Scripting
2020-06-03 00:00:00
exploitdb
exploitdb
OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated)
2020-06-02 00:00:00