Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-1000640

Date: August 20, 2018

OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability in User input entered unsanitised within JS function in the template that can result in Unauthorised actions and access to data, stealing session information, denial of service. This attack appear to be exploitable via Malicious input passed in GET parameter.

Language: PHP

Severity Score

Related Resources (7)

https://0dd.zone/2018/08/05/OpenCart-Overclocked-Reflected-XSS
https://nvd.nist.gov/vuln/detail/CVE-2018-1000640
https://github.com/villagedefrance/OpenCart-Overclocked/issues/190
https://github.com/villagedefrance/OpenCart-Overclocked
https://0dd.zone/2018/08/05/OpenCart-Overclocked-Reflected-XSS/
https://github.com/418sec/OpenCart-Overclocked/pull/1
https://www.mend.io/vulnerability-database/CVE-2018-1000640

Severity Score

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us