CVE-2025-45892
MEDIUMOpenCart < 4.1.0.4 - Stored Cross-Site Scripting via Blog Editor
Title source: llmDescription
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code
References (2)
Core 2
Core References
Third Party Advisory
https://packetstorm.news/files/id/202886
Product
https://www.opencart.com
Scores
CVSS v3
6.1
EPSS
0.0025
EPSS Percentile
15.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
opencart/opencart
< 4.1.0.4
Published
Jul 25, 2025
Tracked Since
Feb 18, 2026