Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1xYzNxLThycjgtOHA1ds4AA9S4

Cross site scripting in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of the customer account/login route. An attacker can inject arbitrary HTML and JavaScript into the page response. As this vulnerability is present in the account functionality, it could be used to target and attack customers of the OpenCart shop.

Notes:

  1. The fix for this vulnerability is incomplete.

Permalink: https://github.com/advisories/GHSA-qc3q-8rr8-8p5v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xYzNxLThycjgtOHA1ds4AA9S4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 3 months ago
Updated: 3 months ago


CVSS Score: 4.2
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Identifiers: GHSA-qc3q-8rr8-8p5v, CVE-2024-21517
References: Repository: https://github.com/opencart/opencart
Blast Radius: 4.9

Affected Packages

packagist:opencart/opencart
Dependent packages: 12
Dependent repositories: 15
Downloads: 34,604 total
Affected Version Ranges: >= 4.0.0.0
No known fixed version
All affected versions: