Opencart · Opencart · CVE-2020-10596
**Name of the Vulnerable Software and Affected Versions**
OpenCart version 3.0.3.2
**Description**
The issue allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading an image with a crafted filename in the users' image upload section.
**Recommendations**
For OpenCart version 3.0.3.2, consider restricting image uploads or validating filenames to prevent malicious input until a fix is available.