This affects versions of the package opencart/opencart from 4.0.0.0 onward. A reflected cross-site scripting (XSS) issue was identified in the `redirect` parameter of the customer `account/login` route: the parameter value is reflected into the page response without adequate output encoding, so an attacker can inject arbitrary HTML and JavaScript into the page. Because the flaw sits in the customer account functionality, a crafted login link could be used to target and attack customers of the OpenCart shop.
**Notes:**
1) The fix for this vulnerability is incomplete.
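To make the bug class concrete, below is an added example written for this page; it is not OpenCart's own code and not the contents of the patch commit referenced below. It is a minimal PHP login page that reflects a `redirect` query parameter into its HTML the way a reflected XSS sink does, next to a hardened version that first restricts the value to a same-site path and then HTML-encodes it at every output point. The page layout, the `safe_redirect` helper, the fallback path and the payloads are assumptions constructed for illustration.

```php
<?php
// Added illustration for this page (not OpenCart's code, not the patch
// commit): a login page that reflects a "redirect" query parameter into
// its HTML. The page layout, helper names and fallback path are assumed.
declare(strict_types=1);

// Vulnerable: the raw parameter is concatenated into an attribute value
// and into element text, so '"><script>' breaks out of the attribute.
function render_login_vulnerable(string $redirect): string
{
    return '<form action="/index.php?route=account/login" method="post">'
         . '<input type="hidden" name="redirect" value="' . $redirect . '">'
         . '<p>After login you will be sent to ' . $redirect . '</p>'
         . '</form>';
}

// Restrict the redirect target to a same-site absolute path: exactly one
// leading "/" (so "//host" and "/\host" are rejected, since browsers read
// those as a new authority) and no control characters (CR/LF would allow
// header injection if the value is later used in a Location header).
function safe_redirect(string $redirect, string $fallback = '/index.php?route=account/account'): string
{
    if (!preg_match('#^/(?![/\\\\])[^\x00-\x1F\x7F]*\z#', $redirect)) {
        return $fallback;
    }
    return $redirect;
}

// Hardened: validate first, then HTML-encode at every output point.
// ENT_QUOTES matters because the value sits inside a quoted attribute.
function render_login_hardened(string $redirect): string
{
    $safe = htmlspecialchars(safe_redirect($redirect), ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form action="/index.php?route=account/login" method="post">'
         . '<input type="hidden" name="redirect" value="' . $safe . '">'
         . '<p>After login you will be sent to ' . $safe . '</p>'
         . '</form>';
}

function contains_script(string $html): bool
{
    return strpos($html, '<script>') !== false;
}

// Constructed inputs: an XSS payload that passes the path check (so the
// encoding step is what stops it), plus off-site and CRLF targets.
$xss = '/index.php?route=account/account"><script>alert(document.cookie)</script>';

echo 'vulnerable page contains <script>: ' . (contains_script(render_login_vulnerable($xss)) ? 'yes' : 'no') . PHP_EOL;
echo 'hardened page contains <script>:   ' . (contains_script(render_login_hardened($xss)) ? 'yes' : 'no') . PHP_EOL;
echo 'hardened page: ' . render_login_hardened($xss) . PHP_EOL;

foreach (['https://evil.example/', '//evil.example/', '/\\evil.example/', "/ok\r\nSet-Cookie: x=1"] as $target) {
    echo 'redirect ' . json_encode($target) . ' -> ' . safe_redirect($target) . PHP_EOL;
}
```

Running it with the php CLI prints the vulnerable and hardened markup side by side; the attribute-breakout payload survives the path check and is neutralised only by the encoding step, and the four off-site or control-character targets in the loop all resolve to the fallback path. Since the notes above record the upstream fix as incomplete, the same attribute-breakout payload (with the `redirect` value URL-encoded) is a reasonable regression check against a deployed instance's login page.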
References
Link | Resource
---|---
https://github.com/opencart/opencart/commit/0fd1ee4b6c94366bf3e5d3831a8336f3275d1860 | Patch
https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266577 | Exploit, Patch, Third Party Advisory
History
21 Nov 2024, 08:54
Type | Values Removed | Values Added
---|---|---
CVSS | | v2: unknown; v3: 4.2
References | | https://github.com/opencart/opencart/commit/0fd1ee4b6c94366bf3e5d3831a8336f3275d1860 (Patch)
References | | https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266577 (Exploit, Patch, Third Party Advisory)

24 Jun 2024, 19:56
Type | Values Removed | Values Added
---|---|---
First Time | | Opencart; Opencart opencart
CPE | | cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*
CVSS | | v2: unknown; v3: 6.1
References | | https://github.com/opencart/opencart/commit/0fd1ee4b6c94366bf3e5d3831a8336f3275d1860 (Patch)
References | | https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266577 (Exploit, Patch, Third Party Advisory)

24 Jun 2024, 12:57
Type | Values Removed | Values Added
---|---|---
Summary | |

22 Jun 2024, 05:15
Type | Values Removed | Values Added
---|---|---
New CVE | |
Information
Published : 2024-06-22 05:15
Updated : 2024-11-21 08:54
NVD link : CVE-2024-21517
Mitre link : CVE-2024-21517
CVE.ORG link : CVE-2024-21517
Products Affected
opencart: opencart
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')