Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1xYzNxLThycjgtOHA1ds4AA9S4

Moderate EPSS: 0.0003% (0.06796 Percentile) EPSS:
Permalink JSON

Cross site scripting in opencart

Affected Packages Affected Versions Fixed Versions
packagist:opencart/opencart >= 4.0.0.0 No known fixed version
12 Dependent packages
15 Dependent repositories
35,114 Downloads total

Affected Version Ranges

All affected versions

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account functionality it could be used to target and attack customers of the OpenCart shop.

Notes:

  1. The fix for this vulnerability is incomplete
References:

Identifiers

GHSA-qc3q-8rr8-8p5v

CVE-2024-21517

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.0003

EPSS Percentile: 0.06796

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/opencart/opencart

Date and time

Published

about 1 year ago

Updated

about 1 year ago

API

JSON