Description
HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/voucher.
Remediation
References
Related Vulnerabilities
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-17670)
WeBid Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-32166)
axios Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-42034)
WordPress Plugin WP-Members Membership Cross-Site Scripting (3.1.4.1)
MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-44854)