Vulnerabilities > Opencart > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-05-26 CVE-2018-11495 Path Traversal vulnerability in Opencart
OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id.
network
low complexity
opencart CWE-22
4.9
2016-01-12 CVE-2015-4671 Cross-site Scripting vulnerability in Opencart
Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the zone_id parameter to index.php.
network
low complexity
opencart CWE-79
6.1