CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20491
https://notcve.org/view.php?id=CVE-2020-20491
SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php. • https://github.com/opencart/opencart/issues/7612 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 4CVE-2020-10596 – OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated)
https://notcve.org/view.php?id=CVE-2020-10596
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section. OpenCart versión 3.0.3.2, permite a usuarios autenticados remotos conducir ataques de tipo XSS por medio de un nombre de archivo diseñado en la sección de carga de imágenes de usuarios. OpenCart version 3.0.3.2 suffers from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/48539 https://github.com/miguelc49/CVE-2020-10596-1 https://github.com/miguelc49/CVE-2020-10596-2 http://packetstormsecurity.com/files/157908/OpenCart-3.0.3.2-Cross-Site-Scripting.html https://github.com/opencart/opencart/issues/7810 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-15081 – Opencart 3.x - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15081
OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages. OpenCart versiones 3.x, cuando el atacante tiene acceso de inicio de sesión hacia el panel de administración, permite un ataque de tipo XSS almacenado dentro de la funcionalidad de edición de Source/HTML de las páginas Categories, Product, e Information. • https://www.exploit-db.com/exploits/47331 http://packetstormsecurity.com/files/154286/Opencart-3.x-Cross-Site-Scripting.html https://github.com/nipunsomani/Opencart-3.x.x-Authenticated-Stored-XSS/blob/master/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •