Vulmon
opencart opencart vulnerabilities and exploits
4.8
CVSSv3
CVE-2020-13980
OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is ...
Opencart Opencart 3.0.3.3
4.8
CVSSv3
CVE-2020-29471
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload malicious JavaScript code as a profile image. Whenever anyone views the profile picture, the code executes and the XSS triggers.
Opencart Opencart 3.0.3.6
9.8
CVSSv3
CVE-2023-40834
OpenCart CMS v4.0.2.2 lacks a protective mechanism on its login page against excessive login attempts, allowing unauthenticated malicious users to gain access to the application via a brute force attack on the password parameter.
Opencart Opencart 4.0.2.2
6.1
CVSSv3
CVE-2018-1000640
OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability: user input is entered unsanitised within a JS function in the template, which can result in unauthorised actions and access to data, stealing session information, denial of service. This atta...
Villagedefrance Opencart-overclocked
NA
CVE-2008-3130
Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenCart 0.7.7 allow remote malicious users to inject arbitrary web script or HTML via the (1) firstname and (2) search parameters. NOTE: the provenance of this information is unknown; the details are obtained so...
Simple Machines Opencart 0.7.7
NA
CVE-2020-105961
OpenCart version 3.0.3.2 suffers from a persistent cross site scripting vulnerability.
9.8
CVSSv3
CVE-2022-24108
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote malicious user to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deseri...
Skyoftech So Listing Tabs 2.2.0
7.5
CVSSv3
CVE-2020-15478
The Journal theme prior to 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
Journal-theme Journal
8.1
CVSSv3
CVE-2018-11231
In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information.
Divido Divido -
9.8
CVSSv3
CVE-2022-41403
OpenCart 3.x Newsletter Custom Popup contains a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter.
Newsletter Subscribe (popup + Regular Module) Project Newsletter Subscribe (popup + Regular Module) 4.0