GHSA-qc3q-8rr8-8p5v

Source
https://github.com/advisories/GHSA-qc3q-8rr8-8p5v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-qc3q-8rr8-8p5v/GHSA-qc3q-8rr8-8p5v.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-qc3q-8rr8-8p5v
Aliases
Published
2024-06-22T06:30:36Z
Modified
2024-06-25T12:42:35.675526Z
Severity
  • 4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
Cross-site scripting in opencart
Details

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of the customer account/login route. An attacker can inject arbitrary HTML and JavaScript into the page response. Because this vulnerability is present in the account functionality, it could be used to target and attack customers of the OpenCart shop.

Notes:

1) The fix for this vulnerability is incomplete.

Database specific
{
    "nvd_published_at": "2024-06-22T05:15:11Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-24T20:36:23Z"
}
References

Affected packages

Packagist / opencart/opencart

Package

Name
opencart/opencart
Purl
pkg:composer/opencart/opencart

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0.0