CVE-2025-45892

MEDIUM

OpenCart < 4.1.0.4 - Stored Cross-Site Scripting via Blog Editor

Title source: llm

Description

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code

Scores

CVSS v3: 6.1
EPSS: 0.0025
EPSS Percentile: 15.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products: opencart/opencart < 4.1.0.4
Published: Jul 25, 2025
Tracked Since: Feb 18, 2026