Vulnerabilities > Opencart > Opencart > 4.0.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-22 | CVE-2024-21515 | Cross-site Scripting vulnerability in Opencart This affects versions of the package opencart/opencart from 4.0.0.0. | 4.7 |
| 2024-06-22 | CVE-2024-21516 | Cross-site Scripting vulnerability in Opencart This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. | 4.7 |
| 2024-06-22 | CVE-2024-21517 | Cross-site Scripting vulnerability in Opencart This affects versions of the package opencart/opencart from 4.0.0.0. | 6.1 |
| 2024-06-22 | CVE-2024-21518 | Path Traversal vulnerability in Opencart This affects versions of the package opencart/opencart from 4.0.0.0. | 7.2 |
| 2024-06-22 | CVE-2024-21519 | Unspecified vulnerability in Opencart This affects versions of the package opencart/opencart from 4.0.0.0. | 7.2 |
| 2023-11-15 | CVE-2023-47444 | Code Injection vulnerability in Opencart An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server. | 8.8 |
| 2023-09-27 | CVE-2023-2315 | Path Traversal vulnerability in Opencart Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server | 8.8 |