Stored Cross-Site Scripting in OpenCart 3.x Admin Panel
CVE-2019-15081

4.8MEDIUM

Key Information:

Vendor: Opencart
Status: Opencart
Vendor: CVE Published:; 15 August 2019

What is CVE-2019-15081?

OpenCart 3.x is vulnerable to stored cross-site scripting (XSS) attacks when an attacker gains authorized access to the admin panel. This vulnerability allows an attacker to inject malicious scripts through the Source/HTML editing feature present on the Categories, Products, and Information pages. If successful, this can lead to the execution of arbitrary scripts in the context of the victim's browser, potentially compromising sensitive data and user sessions.

References

https://github.com/nipunsomani/Opencart-3.x.x-Authenticat...

x_refsource_MISC

http://packetstormsecurity.com/files/154286/Opencart-3.x-...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2019
Vulnerability Reserved
Aug 15, 2019