Identifier

CVE-2020-13980

Package Slug

packagist/opencart/opencart

Vulnerability

Cross-site Scripting

Description

opencart allows remote authenticated users to conduct XSS attacks via a crafted filename in the image upload section because due to missing entity encoding.

Affected Versions

Version 3.0.3.3

Solution

Upgrade to version 3.0.3.4 or above.

Last Modified

2020-06-16

source