CVE-2024-21517

Опубликовано: 22 июн. 2024

Источник: nvd

CVSS3: 4.2

CVSS3: 6.1

EPSS Низкий

Описание

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account functionality it could be used to target and attack customers of the OpenCart shop.

Notes:

The fix for this vulnerability is incomplete

Ссылки

https://github.com/opencart/opencart/commit/0fd1ee4b6c94366bf3e5d3831a8336f3275d1860
Patch
https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266577
Exploit
Patch
Third Party Advisory
https://github.com/opencart/opencart/commit/0fd1ee4b6c94366bf3e5d3831a8336f3275d1860
Patch
https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266577
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*

Версия от 4.0.0.0 (включая)

EPSS

Процентиль: 48%

0.0025

Низкий

4.2 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-qc3q-8rr8-8p5v

CVSS3: 4.2

github

больше 1 года назад

Cross site scripting in opencart

EPSS

Процентиль: 48%

0.0025

Низкий

4.2 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79