OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability in User input entered unsanitised within JS function in the template that can result in Unauthorised actions and access to data, stealing session information, denial of service. This attack appear to be exploitable via Malicious input passed in GET parameter.
References
Link | Resource |
---|---|
https://0dd.zone/2018/08/05/OpenCart-Overclocked-Reflected-XSS/ | Third Party Advisory |
https://github.com/villagedefrance/OpenCart-Overclocked/issues/190 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:21:59
Updated: 2022-10-03T16:21:59
Reserved: 2018-08-08T00:00:00
Link: CVE-2018-1000640
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-08-20T19:31:35.980
Modified: 2018-10-19T17:21:26.200
Link: CVE-2018-1000640
JSON object: View
Redhat Information
No data.
CWE