Description
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability arises because SVG files uploaded through the media manager are not properly sanitized. Attackers can craft a malicious SVG file containing embedded JavaScript
Remediation
References