opencart

Top products

The 15 most recently published vulnerabilities affecting opencart.

• CVE-2021-47953OpenCart 3.0.3.7 Cross-Site Request Forgery via account/password4.3May 10, 2026
• CVE-2021-47946OpenCart 3.0.3.6 Account Takeover via Cross Site Request Forgery5.3May 10, 2026
• CVE-2021-47923OpenCart 3.0.3.8 Session Fixation via OCSESSID Cookie9.8May 10, 2026
• CVE-2024-58341OpenCart Core 4.0.2.3 SQL Injection via search Parameter8.2Mar 25, 2026
• CVE-2026-3714OpenCart Incomplete Fix CVE-2024-36694 template.php save special elements used in a template engine4.7Mar 8, 2026
• CVE-2025-15116OpenCart Single-Use Coupon race condition3.7Dec 28, 2025
• CVE-2025-45893OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability arises because SVG files uploaded through the media m...6.1Jul 25, 2025
• CVE-2025-45892OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or es...6.1Jul 25, 2025
• CVE-2025-1749HTML injection vulnerability in OpenCart4.7Feb 28, 2025
• CVE-2025-1748HTML injection vulnerability in OpenCart4.7Feb 28, 2025
• CVE-2025-1747HTML injection vulnerability in OpenCart4.7Feb 28, 2025
• CVE-2025-1746Cross-Site Scripting vulnerability in OpenCart6.1Feb 28, 2025
• CVE-2024-36694OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function.7.2Dec 18, 2024
• CVE-2024-21516This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An at...4.2Jun 22, 2024
• CVE-2024-21519This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the datab...6.6Jun 22, 2024