CVE-2019-15081

Опубликовано: 15 авг. 2019

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages.

Ссылки

http://packetstormsecurity.com/files/154286/Opencart-3.x-Cross-Site-Scripting.html
Broken Link
https://github.com/nipunsomani/Opencart-3.x.x-Authenticated-Stored-XSS/blob/master/README.md
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/154286/Opencart-3.x-Cross-Site-Scripting.html
Broken Link
https://github.com/nipunsomani/Opencart-3.x.x-Authenticated-Stored-XSS/blob/master/README.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*

Версия от 3.0.0.0 (включая) до 3.0.3.2 (включая)

EPSS

Процентиль: 39%

0.00172

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2whr-j8jv-m2f3