HTML Injection Vulnerability in OpenCart by OpenCart
CVE-2025-1747

4.7MEDIUM

Key Information:

Vendor
Opencart
Status
Opencart
Vendor
CVE Published:
28 February 2025

Summary

HTML injection vulnerabilities in OpenCart allow attackers to manipulate the HTML content displayed in the victim's browser. Specifically, by crafting a malicious URL that alters the parameter name within the /account/login route, an attacker can execute unauthorized script code. This can potentially lead to unauthorized access or the execution of malicious scripts in the context of the user’s session, compromising sensitive information.

Affected Version(s)

OpenCart 0 < 4.1.0

References

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/...

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Gonzalo Aguilar GarcĂ­a (6h4ack)
.
CVE-2025-1747 : HTML Injection Vulnerability in OpenCart by OpenCart | SecurityVulnerability.io