Lucene search
Kailash Bohara1337DAY-ID-34506HistoryJun 02, 2020 - 12:00 a.m.
OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated) Vulnerability
2020-06-0200:00:00
Kailash Bohara
0day.today
40
EPSS
0.001
Percentile
48.5%
Exploit for php platform in category web applications
# Exploit Title: OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated)
# Exploit Author: Kailash Bohara
# Vendor Homepage: https://www.opencart.com
# Software Link: https://www.opencart.com/index.php?route=cms/download
# Version: OpenCart < 3.0.3.2
# CVE : CVE-2020-10596
1. Go to localhost.com/opencart/admin and login with credentials.
2. Then navigate to System>Users>Users and click on Action button on top right corner.
3. Now in image field , click on image and upload a new image. Before this select any image file and rename with this XSS payload "><svg onload=alert("XSS")> and then upload it as new user profile image.
4. After the upload completes the XSS pop-up executes as shown below and it will gets executed each time someone visits the Image manager section.
# 0day.today [2020-07-19] #Related
veracode
veracode
Cross-Site Scripting (XSS)
2020-03-18 03:59:09
github
github
Cross-site Scripting in OpenCart
2021-05-06 18:54:04
OpenCart Cross-site Scripting
2022-05-24 17:19:37
cvelist
cvelist
CVE-2020-10596
2020-03-17 14:42:30
CVE-2020-13980
2020-06-09 13:44:50
osv
osv
Cross-site Scripting in OpenCart
2021-05-06 18:54:04
CVE-2020-10596
2020-03-17 15:15:14
OpenCart Cross-site Scripting
2022-05-24 17:19:37
nvd
nvd
CVE-2020-10596
2020-03-17 15:15:14
CVE-2020-13980
2020-06-09 14:15:10
cve
cve
CVE-2020-10596
2020-03-17 15:15:14
CVE-2020-13980
2020-06-09 14:15:10
prion
prion
Design/Logic Flaw
2020-03-17 15:15:00
Design/Logic Flaw
2020-06-09 14:15:00
openvas
openvas
OpenCart < 3.0.3.3 XSS Vulnerability
2023-08-25 00:00:00
packetstorm
packetstorm
OpenCart 3.0.3.2 Cross Site Scripting
2020-06-03 00:00:00
exploitdb
exploitdb
OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated)
2020-06-02 00:00:00