Cross-Site Scripting Vulnerability in OpenCart by OpenCart
CVE-2015-4671

6.1MEDIUM

Key Information:

Vendor

Opencart

Status
Opencart
Vendor
CVE Published:
12 January 2016

What is CVE-2015-4671?

A Cross-Site Scripting (XSS) vulnerability exists in OpenCart versions prior to 2.1.0.2. Through this flaw, remote attackers can exploit the zone_id parameter in the index.php file to inject malicious web scripts or HTML. If successfully executed, this can lead to session hijacking, site defacement, or the distribution of malware to site visitors. It is crucial for users to update to the latest version to mitigate this risk and enhance the security of their online stores.

References

http://seclists.org/fulldisclosure/2016/Jan/17
mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/135163/OpenCart-2.1....
x_refsource_MISC
https://github.com/opencart/opencart/releases/tag/2.1.0.2
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.