Security Advisory
CVE-2020-13980
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you are still required to be logged into the admin.