Cross-Site Scripting Vulnerability in OpenCart by OpenCart
CVE-2020-10596

5.4MEDIUM

Key Information:

Vendor: Opencart
Status: Opencart
Vendor: CVE Published:; 17 March 2020

What is CVE-2020-10596?

OpenCart 3.0.3.2 is susceptible to Cross-Site Scripting (XSS) attacks, which allows remote authenticated users to exploit the system. This vulnerability occurs through a specifically crafted filename in the image upload section, potentially leading to malicious payload execution in the context of the user's session.

References

https://github.com/opencart/opencart/issues/7810

x_refsource_MISC

http://packetstormsecurity.com/files/157908/OpenCart-3.0....

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 17, 2020
Vulnerability Reserved
Mar 16, 2020

Opencart

What is CVE-2020-10596?

References

CVSS V3.1

Timeline