Description
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2019-2949 Vulnerability (CVE-2019-2949)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17306)
Chamilo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32925)