HTML Injection Vulnerability in OpenCart by OpenCart
CVE-2025-1747

4.7MEDIUM

Key Information:

Vendor: Opencart
Status: Opencart
Vendor: CVE Published:; 28 February 2025

What is CVE-2025-1747?

HTML injection vulnerabilities in OpenCart allow attackers to manipulate the HTML content displayed in the victim's browser. Specifically, by crafting a malicious URL that alters the parameter name within the /account/login route, an attacker can execute unauthorized script code. This can potentially lead to unauthorized access or the execution of malicious scripts in the context of the user’s session, compromising sensitive information.

Affected Version(s)

OpenCart 0 < 4.1.0

References

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 28, 2025
Vulnerability Reserved
Feb 27, 2025

Credit

Gonzalo Aguilar García (6h4ack)

Opencart

What is CVE-2025-1747?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit