CVE-2024-21517

LOW EPSS 30.9%
Published Jun 22, 20242y ago · Modified Jun 17, 20261w ago
1.2 CVSS 4.0
Low
Find Similar
Published Jun 22, 2024 2y ago
Last Modified Jun 17, 2026 1w ago

Description

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account functionality it could be used to target and attack customers of the OpenCart shop. **Notes:** 1) The fix for this vulnerability is incomplete

CVSS Details

Base Score
1.2
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction A
Scope X

Threat Intelligence

EPSS Exploit Probability
30.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
opencartopencart*≥4.0.0.0

References 2

  • github.com https://github.com/opencart/opencart/commit/0fd1ee4b6c94366bf3e5d3831a8336f3275d1860
    Patch
  • security.snyk.io https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266577
    ExploitPatchThird Party Advisory

Remediation

  • github.com https://github.com/opencart/opencart/commit/0fd1ee4b6c94366bf3e5d3831a8336f3275d1860
    Patch
  • security.snyk.io https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266577
    ExploitPatchThird Party Advisory