Cross-site Scripting in OpenCart · CVE-2020-10596 · GitHub Advisory Database · GitHub

Cross-site Scripting in OpenCart

Moderate severity GitHub Reviewed Published May 6, 2021 to the GitHub Advisory Database • Updated Sep 7, 2023

Package

opencart/opencart (Composer)

Affected versions

<= 3.0.3.2

Patched versions

None

Description

OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section.

References

Published by the National Vulnerability Database

Mar 17, 2020

Reviewed May 4, 2021

Published to the GitHub Advisory Database May 6, 2021

Last updated Sep 7, 2023

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N