
CVE-2025-1749 – HTML injection vulnerability in OpenCart
https://notcve.org/view.php?id=CVE-2025-1749
28 Feb 2025 — HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/voucher. • https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-opencart • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-1748 – HTML injection vulnerability in OpenCart
https://notcve.org/view.php?id=CVE-2025-1748
28 Feb 2025 — HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/register. • https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-opencart • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-1747 – HTML injection vulnerability in OpenCart
https://notcve.org/view.php?id=CVE-2025-1747
28 Feb 2025 — HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/login. • https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-opencart • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-1746 – Cross-Site Scripting vulnerability in OpenCart
https://notcve.org/view.php?id=CVE-2025-1746
28 Feb 2025 — Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the search in the /product/search endpoint. This vulnerability could be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. • https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-opencart • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-37823
https://notcve.org/view.php?id=CVE-2021-37823
03 Nov 2022 — OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background. • https://medium.com/%40nowczj/sql-injection-exists-in-the-background-of-opencart-d41b5c58e99e • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •