CVE-2020-29470

MEDIUM

OpenCart 3.0.3.6 - XSS

Title source: llm

Description

OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.

Exploits (1)

exploitdb WORKING POC

by Hemant Patidar · textwebappsphp

https://www.exploit-db.com/exploits/49099

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49099

Scores

CVSS v3 4.8

EPSS 0.0047

EPSS Percentile 64.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

opencart/opencart 3.0.3.6

opencart/opencart Packagist

Published Dec 29, 2020

Tracked Since Feb 18, 2026