Free Trial

Web Application Firewall

OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks

[vc_row][vc_column][vc_column_text]

Cabadbaran Overview :

OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users’ image upload section.
cheap Lyrica canada What version of OpenCart are you reporting this for?
Opencart 3.0.3.2
Describe the bug
Stored Cross Site Scripting (XSS) – Authenticated is found in users image upload section in opencart admin panel. Opencart is accepting filenames with arbitrary code in it and not escaping them so the JavaScript get executed. Malicious script in the admin dashboard can be injected permanently and can be used to steal the user’s sensitive information like cookies, keystrokes, account information etc

Server / Test environment (please complete the following information):

Kali Linux 4.19.0
PHP version: 7.1.32
Apache version: 2.4.41
Browser(s) tested with: Mozilla Firefox Latest Build

[/vc_column_text][/vc_column][/vc_row]

Recent Posts

What Is REST API How To Provide Security To REST API

What Is REST API? How To Provide Security To REST API?

CVE-2022-42302 : VERITAS NETBACKUP UP TO 10.0 NBFSMCLIENT SERVICE SQL INJECTION

CVE-2022-42302 : VERITAS NETBACKUP UP TO 10.0 NBFSMCLIENT SERVICE SQL INJECTION

CVE-2022-36961 : SOLARWINDS ORION PLATFORM VERB SQL INJECTION

CVE-2022-36961 : SOLARWINDS ORION PLATFORM VERB SQL INJECTION

Follow Us

zzcms 2018 template_user.php ml/title code injection

August 26, 2021 No Comments

A vulnerability was found in zzcms 2018 (Content Management System) and classified as critical. This issue affects an unknown function

ZyXEL VPN2S 1.12 Web Server path traversal

September 29, 2021 No Comments

A vulnerability classified as problematic was found in ZyXEL VPN2S 1.12. Affected by this vulnerability is an unknown part of

Zyxel VPN2S 1.12 CGI Program os command injection

September 29, 2021 No Comments

A vulnerability has been found in Zyxel VPN2S 1.12 and classified as critical. This vulnerability affects some unknown processing of

Zyxel USG/USG Flex/Zywall/ATP/VPN up to 4.64 Web-based Management Interface improper authentication

July 2, 2021 No Comments

A vulnerability was found in Zyxel USG, USG Flex, Zywall, ATP and VPN up to 4.64 (Firewall Software). It has

ZyXEL GS1900-8 2.60 LLDP Packet cross site scripting

July 26, 2021 No Comments

A vulnerability was found in ZyXEL GS1900-8 2.60. It has been classified as problematic. This affects an unknown code of

Zynamics BinDiff up to 6 i64 File use after free

June 30, 2021 No Comments

A vulnerability, which was classified as critical, has been found in Zynamics BinDiff up to 6. This issue affects an

Web Application Firewall Solution

CVE-2023-5288 : SICK SIM1012 Access Control

CVE-2023-5288 : SICK SIM1012 Access Control

September 30, 2023 No Comments

Description A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary

What Is Application Security Posture Management

Application Security Posture Management (ASPM)

September 30, 2023 No Comments

Empowering Businesses with Application Security Posture Management The landscape of cybersecurity continues to change rapidly, making it difficult for businesses

Prophaze's Protection On Confidential Customer Data

Prophaze’s Protection On Confidential Customer Data

September 29, 2023 No Comments

Prophaze Ensures Uncompromised Security on Safeguarding Confidential Customer Data With the increasing frequency of data breaches and cyberattacks in today’s