exploitDog

CVE-2025-45892

Опубликовано: 25 июл. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code

Ссылки

https://packetstorm.news/files/id/202886
Third Party Advisory
https://www.opencart.com
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*

Версия до 4.1.0.4 (включая)

EPSS

Процентиль: 9%

0.00032

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-fpvx-g24w-mpgm

CVSS3: 6.1

github

7 месяцев назад

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code

EPSS

Процентиль: 9%

0.00032

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79