NotCVE - vendor:"Opencart" product:"Opencart" version:"3.0.3.7"

7 results (0.003 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2025-45892 – OpenCart 4.1.0.4 Cross Site Scripting

https://notcve.org/view.php?id=CVE-2025-45892

26 Jun 2025 — OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code La versión 4.1.0.4 de OpenCart es vulnerable a un ataque de Cross-Site Scripting (XSS) almacenado a través del editor del blog. Esta vulnerabilidad surge porque la entrada en el editor del blog no se depura ni escapa correctamen... • https://packetstorm.news/files/id/202886 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2025-45893 – OpenCart 4.1.0.4 Cross Site Scripting

https://notcve.org/view.php?id=CVE-2025-45893

26 Jun 2025 — OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability arises because SVG files uploaded through the media manager are not properly sanitized. Attackers can craft a malicious SVG file containing embedded JavaScript La versión 4.1.0.4 de OpenCart es vulnerable a un ataque de Cross-Site Scripting (XSS) Almacenado mediante la carga de archivos SVG utilizados en entradas de blog. Esta vulnerabilidad surge porque los archivo... • https://packetstorm.news/files/id/202886 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-1749 – HTML injection vulnerability in OpenCart

https://notcve.org/view.php?id=CVE-2025-1749

28 Feb 2025 — HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/voucher. Vulnerabilidades de inyección HTML en versiones de OpenCart antes de 4.1.0. Estas vulnerabilidades podrían permitir a un atacante modificar el HTML del navegador de la víctima enviando una URL maliciosa y modificando el nombre del parámetro en /account/voucher. HTML injecti... • https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-opencart • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-1748 – HTML injection vulnerability in OpenCart

https://notcve.org/view.php?id=CVE-2025-1748

28 Feb 2025 — HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/register. HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/register. • https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-opencart • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-1747 – HTML injection vulnerability in OpenCart

https://notcve.org/view.php?id=CVE-2025-1747

28 Feb 2025 — HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/login. HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/login. • https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-opencart • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-1746 – Cross-Site Scripting vulnerability in OpenCart

https://notcve.org/view.php?id=CVE-2025-1746

28 Feb 2025 — Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the search in the /product/search endpoint. This vulnerability could be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. • https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-opencart • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-37823

https://notcve.org/view.php?id=CVE-2021-37823

03 Nov 2022 — OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background. OpenCart 3.0.3.7 permite a los usuarios obtener información de la base de datos o leer archivos del servidor mediante inyección SQL en segundo plano. • https://medium.com/%40nowczj/sql-injection-exists-in-the-background-of-opencart-d41b5c58e99e • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •