Security Advisory

CVE-2020-13980

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-06-09 13:44:50
Last updated 2024-08-04 12:32:14
Assigner mitre
State PUBLISHED

Description

OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you are still required to be logged into the admin.