2020-06-09 13:44:50
mitre
PUBLISHED
OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you are still required to be logged into the admin.