CVE-2020-29471

Name of the Vulnerable Software and Affected Versions OpenCart version 3.0.3.6

Description The issue concerns cross-site scripting (XSS) in the Profile Image feature. An admin can upload a malicious code using JavaScript as a profile image. When the profile picture is viewed, the code executes, triggering the XSS.

Recommendations For OpenCart version 3.0.3.6, as a temporary workaround, consider disabling the profile image upload feature until a patch is available. Restrict access to the profile picture display to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.