OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section.
opencart opencart 3.0.3.2
CVE-2020-10596-1
CVE-2020-10596-2