Vulnerabilities > Opencart > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-26 | CVE-2018-11495 | Path Traversal vulnerability in Opencart OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. | 4.9 |
| 2016-01-12 | CVE-2015-4671 | Cross-site Scripting vulnerability in Opencart Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the zone_id parameter to index.php. | 6.1 |