CVE-2020-10596: Cross-site Scripting

March 17, 2020 (updated June 3, 2020)

OpenCart allows remote authenticated users to conduct XSS attacks via a crafted filename in the user image upload section.

References

github.com/opencart/opencart/issues/7810
nvd.nist.gov/vuln/detail/CVE-2020-10596

Detect and mitigate CVE-2020-10596 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →