exploitDog

CVE-2025-1746

Опубликовано: 28 фев. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the search in the /product/search endpoint. This vulnerability could be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

Ссылки

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-opencart
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*

Версия до 4.1.0.0 (исключая)

EPSS

Процентиль: 22%

0.00071

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-52xm-jh2q-v993

CVSS3: 6.1

github

11 месяцев назад

Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the search in the /product/search endpoint. This vulnerability could be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

EPSS

Процентиль: 22%

0.00071

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79