Published: 15/08/2019 Updated: 02/03/2023

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7

VMScore: 355

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opencart opencart

# Exploit Title: Opencart 3xx Authenticated Stored XSS # Date: 08/15/2019 # Exploit Author: Nipun Somani # Author Web: thehackerstorenet # Vendor Homepage: wwwopencartcom/ # Software Link: githubcom/opencart/opencart # Version: 3xx # Tested on: Debian 9, Windows 10 x64 # CVE : CVE-2019-15081 Description: The Opencar ...

Opencart version 3x suffers from a cross site scripting vulnerability ...

Opencart 3xx Authenticated Stored XSS CVE-2019-15081 Description The Opencart Version 3xx allows editing Source/HTML of the Categories / Product / Information pages in the admin panel which isn't sanitized to user input allowing for an attacker to execute arbitrary javascript code leading to Stored Cross-Site-Scripting(XSS) Proof-of-Concept(POC) Log-in to admin-pane

CWE-79 https://github.com/nipunsomani/Opencart-3.x.x-Authenticated-Stored-XSS/blob/master/README.md http://packetstormsecurity.com/files/154286/Opencart-3.x-Cross-Site-Scripting.html https://nvd.nist.gov https://github.com/nipunsomani/Opencart-3.x.x-Authenticated-Stored-XSS https://www.exploit-db.com/exploits/47331

CVE-2019-15081

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect