GSA_kwCzR0hTQS04N2N2LTU3cDgtajMzeM4AAnBI

Moderate EPSS: 0.00155% (0.3744 Percentile) EPSS:

Permalink JSON

OpenCart Cross-site Scripting (XSS) in the Subject field of mail.

Affected Packages	Affected Versions	Fixed Versions
packagist:opencart/opencart	= 3.0.3.6	No known fixed version
12 Dependent packages 15 Dependent repositories 35,114 Downloads total Affected Version Ranges All affected versions

OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-29470
https://www.exploit-db.com/exploits/49099
https://github.com/advisories/GHSA-87cv-57p8-j33x

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

GSA_kwCzR0hTQS04N2N2LTU3cDgtajMzeM4AAnBI

OpenCart Cross-site Scripting (XSS) in the Subject field of mail.

Affected Version Ranges

All affected versions

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Date and time

Published

Updated

API