HTML Injection in OpenCart by OpenCart
CVE-2025-1749
4.7MEDIUM
Summary
HTML injection vulnerabilities exist in OpenCart versions prior to 4.1.0, which can allow attackers to manipulate the HTML content displayed in the user's browser. By exploiting these vulnerabilities, an attacker can craft a malicious URL that modifies parameters within the '/account/voucher' endpoint, ultimately leading to unauthorized changes in the site's content as viewed by the user. This exploitation poses a security risk by enabling phishing attacks, data theft, and other malicious activities, highlighting the necessity for timely software updates and security patches.
Affected Version(s)
OpenCart 0 < 4.1.0
References
CVSS V3.1
Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Gonzalo Aguilar GarcĂa (6h4ack)