exploitDog

CVE-2020-29471

Опубликовано: 29 дек. 2020

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger.

Ссылки

https://www.exploit-db.com/exploits/49098
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/49098
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opencart:opencart:3.0.3.6:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00155

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-7vrp-3pff-c3j4

CVSS3: 4.8

github

больше 3 лет назад

OpenCart Stored Cross-Site Scripting

EPSS

Процентиль: 37%

0.00155

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79