Количество 2
Количество 2
CVE-2020-13980
OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you are still required to be logged into the admin.
GHSA-p9qw-fh38-x37f
OpenCart Cross-site Scripting
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-13980 OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you are still required to be logged into the admin. | CVSS3: 4.8 | 0% Низкий | больше 5 лет назад |
| GHSA-p9qw-fh38-x37f OpenCart Cross-site Scripting | CVSS3: 4.8 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу