OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks

Overview:
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users’ image upload section.
What version of OpenCart are you reporting this for?
OpenCart 3.0.3.2
Describe the bug
Stored, authenticated Cross Site Scripting (XSS) is found in the users’ image upload section of the OpenCart admin panel. OpenCart accepts filenames containing arbitrary script and does not escape them when they are rendered, so the JavaScript is executed. A malicious script injected into the admin dashboard persists there and can be used to steal the user’s sensitive information such as cookies, keystrokes and account details.
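The two defensive controls that close this class of bug are an allow-list on the stored filename and HTML-encoding of the filename wherever the admin panel prints it. The PHP below is an added illustration written for this page, not OpenCart's own upload or template code; the function names and the sample filenames are constructed for the example.

```php
<?php
// Added example (not OpenCart's own code): filename handling for an
// image upload as a defender would write it. Function names and the
// sample filenames below are constructed for this illustration.

declare(strict_types=1);

/**
 * Validate an uploaded filename before it is stored or displayed.
 * Allow-list: letters, digits, underscore, hyphen, dot-separated parts,
 * and one extension from a short image list. Path separators, a leading
 * dot, quotes and angle brackets are all rejected because they are not
 * in the allowed character class. Returns the cleaned basename, or null
 * when the name is refused.
 */
function sanitize_upload_filename(string $name): ?string
{
    $base = basename($name); // drop any directory component first
    $pattern = '/\A[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\.(png|jpe?g|gif|webp)\z/i';
    if (!preg_match($pattern, $base)) {
        return null;
    }
    return $base;
}

/**
 * The pattern the advisory describes: the stored filename is concatenated
 * straight into the admin page markup, so any tag inside it becomes live HTML.
 */
function render_filename_unsafe(string $name): string
{
    return '<td>' . $name . '</td>';
}

/**
 * Hardened rendering: encode on output regardless of what was stored, so a
 * name that somehow bypassed validation is still shown as inert text.
 * ENT_QUOTES encodes both quote styles, which matters inside attributes.
 */
function render_filename_safe(string $name): string
{
    return '<td>' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</td>';
}

// Constructed test input: a filename carrying markup, as a tester would submit it.
$crafted = 'photo<script>alert(1)</script>.png';
// Constructed benign input that a real user might upload.
$benign = 'Logo_2020-01.png';

// Upload-time check: the crafted name is refused, the benign one is kept.
var_dump(sanitize_upload_filename($crafted));
var_dump(sanitize_upload_filename($benign));

// Render-time comparison on the crafted name: the first line keeps the tag
// as markup (the bug), the second line shows it encoded as text.
echo render_filename_unsafe($crafted), PHP_EOL;
echo render_filename_safe($crafted), PHP_EOL;
```

Both controls are needed: the allow-list keeps hostile names out of the database, and the output encoding protects every template that prints the column, including ones written before the validation existed.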

Server / Test environment:

  • Kali Linux 4.19.0
  • PHP version: 7.1.32
  • Apache version: 2.4.41
  • Browser(s) tested with: Mozilla Firefox Latest Build