Stored Cross-Site Scripting in OpenCart 3.x Admin Panel
CVE-2019-15081

4.8MEDIUM

Key Information:

Vendor
Opencart
Status
Opencart
Vendor
CVE Published:
15 August 2019

Summary

OpenCart 3.x is vulnerable to stored cross-site scripting (XSS) attacks when an attacker gains authorized access to the admin panel. This vulnerability allows an attacker to inject malicious scripts through the Source/HTML editing feature present on the Categories, Products, and Information pages. If successful, this can lead to the execution of arbitrary scripts in the context of the victim's browser, potentially compromising sensitive data and user sessions.

References

https://github.com/nipunsomani/Opencart-3.x.x-Authenticat...
x_refsource_MISC
http://packetstormsecurity.com/files/154286/Opencart-3.x-...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-15081 : Stored Cross-Site Scripting in OpenCart 3.x Admin Panel | SecurityVulnerability.io