Cross-Site Scripting Vulnerability in OpenCart by OpenCart
CVE-2020-29471

4.8MEDIUM

Key Information:

Vendor
Opencart
Status
Opencart
Vendor
CVE Published:
29 December 2020

Summary

OpenCart 3.0.3.6 is susceptible to a cross-site scripting vulnerability through its profile image upload feature. An administrator can upload a profile picture that contains malicious JavaScript code. When other users view this profile image, the embedded code executes, leading to the potential for exploitation via XSS. This issue underscores the importance of rigorous input validation in web applications to mitigate such vulnerabilities.

References

https://www.exploit-db.com/exploits/49098
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2020-29471 : Cross-Site Scripting Vulnerability in OpenCart by OpenCart | SecurityVulnerability.io