CVE-2025-45892

MEDIUM EPSS 15.7%

Published Jul 25, 202511mo ago · Modified Jun 17, 20261w ago

6.1 CVSS 3.1

Medium

Published Jul 25, 2025 11mo ago

Last Modified Jun 17, 2026 1w ago

Description

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code

CVSS Details

Base Score

6.1

Exploitability

2.8

Impact

2.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Changed

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

15.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor	Product	Version	Range
opencart	opencart	*	≤4.1.0.4

References 2

packetstorm.news https://packetstorm.news/files/id/202886

Third Party Advisory
opencart.com https://www.opencart.com

Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.