Description

OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages.

Remediation

References

CVE-2019-15081

Related Vulnerabilities

WordPress Plugin Google Maps Ready! Cross-Site Request Forgery (1.1.5)

WordPress Plugin Simple Membership Cross-Site Scripting (3.2.8)

WordPress Plugin WP Human Resource Management Security Bypass (2.2.14)

WordPress Plugin LearnPress-WordPress LMS Multiple Cross-Site Scripting Vulnerabilities (4.1.3)

Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.21)

Severity

Medium

Classification

CVE-2019-15081 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities