Vulnerabilities > Opencart > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-28 | CVE-2025-1746 | Cross-site Scripting vulnerability in Opencart Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. | 6.1 |
| 2025-02-28 | CVE-2025-1747 | Cross-site Scripting vulnerability in Opencart HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. | 4.7 |
| 2025-02-28 | CVE-2025-1748 | Cross-site Scripting vulnerability in Opencart HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. | 4.7 |
| 2025-02-28 | CVE-2025-1749 | Cross-site Scripting vulnerability in Opencart HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. | 4.7 |
| 2024-06-22 | CVE-2024-21515 | Cross-site Scripting vulnerability in Opencart This affects versions of the package opencart/opencart from 4.0.0.0. | 4.7 |
| 2024-06-22 | CVE-2024-21516 | Cross-site Scripting vulnerability in Opencart This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. | 4.7 |
| 2024-06-22 | CVE-2024-21517 | Cross-site Scripting vulnerability in Opencart This affects versions of the package opencart/opencart from 4.0.0.0. | 6.1 |
| 2022-11-03 | CVE-2021-37823 | SQL Injection vulnerability in Opencart 3.0.3.7 OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background. | 4.9 |
| 2022-06-24 | CVE-2013-1891 | Path Traversal vulnerability in Opencart 1.5.5.1 In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed. | 6.5 |
| 2020-12-29 | CVE-2020-29471 | Cross-site Scripting vulnerability in Opencart 3.0.3.6 OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. | 4.8 |