PT-2024-18930 · Opencart · Opencart

Calum Hutton · Published 2024-06-21 · Updated 2025-01-14

CVE-2024-21517
CVSS v3.1: 4.2 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: opencart/opencart version 4.0.0.0

Description: A reflected XSS issue was identified in the redirect parameter of the "customer account/login" route. An attacker can inject arbitrary HTML and JavaScript into the page response. This issue is present in the account functionality and could be used to target and attack customers of the OpenCart shop.

Recommendations: As a temporary workaround, consider restricting access to the vulnerable redirect parameter in the customer account/login route until a complete fix is available. Note: The current fix for this issue is incomplete, so it is essential to monitor for updates and apply a complete fix as soon as it becomes available. At the moment, there is no information about a newer version that contains a complete fix for this vulnerability.
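The following is an added illustration, not OpenCart's own code or its fix, of how a reflected XSS through a login-page redirect parameter typically arises and of the two defensive layers a complete fix needs: validating that the redirect target stays on the shop's own origin, and HTML-encoding the value wherever it is written into the page. The function names, the hidden form field and the default redirect path are assumptions made for the example; the constructed sample inputs are not from the advisory.

```php
<?php
// Added example (not OpenCart code). Function names, the hidden field and
// the default path are hypothetical; only the route name comes from the advisory.

declare(strict_types=1);

// --- Vulnerable pattern ---------------------------------------------------
// The raw query parameter is written into an HTML attribute without output
// encoding, so a value containing a quote or a tag breaks out of the
// attribute and is interpreted as markup (reflected XSS).
function renderLoginFormVulnerable(array $query): string
{
    $redirect = (string)($query['redirect'] ?? '');
    return '<form action="/index.php?route=account/login" method="post">'
         . '<input type="hidden" name="redirect" value="' . $redirect . '">'
         . '</form>';
}

// --- Hardened pattern -----------------------------------------------------
// Layer 1: accept only root-relative paths or absolute URLs on the shop's
// own host; anything else (off-site hosts, protocol-relative "//host",
// javascript:/data: style schemes) falls back to a safe default.
function sanitizeRedirect(string $redirect, string $shopHost): string
{
    $default = '/index.php?route=account/account'; // hypothetical safe landing page

    if ($redirect === '') {
        return $default;
    }

    $parts = parse_url($redirect);
    if ($parts === false) {
        return $default;
    }

    if (isset($parts['scheme']) || isset($parts['host'])) {
        // Absolute URL: must carry our own host and an http(s) scheme.
        if (!isset($parts['host']) || strcasecmp($parts['host'], $shopHost) !== 0) {
            return $default;
        }
        if (isset($parts['scheme']) && !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
            return $default;
        }
    } elseif (substr($redirect, 0, 1) !== '/' || substr($redirect, 0, 2) === '//') {
        // Relative value: must be root-relative and not protocol-relative.
        return $default;
    }

    return $redirect;
}

// Layer 2: encode on output. Even a validated same-site path may contain
// characters that are meaningful inside an HTML attribute.
function renderLoginFormHardened(array $query, string $shopHost): string
{
    $redirect = sanitizeRedirect((string)($query['redirect'] ?? ''), $shopHost);
    $encoded  = htmlspecialchars($redirect, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form action="/index.php?route=account/login" method="post">'
         . '<input type="hidden" name="redirect" value="' . $encoded . '">'
         . '</form>';
}

// Constructed sample inputs (not from the advisory).
$breakout = ['redirect' => '"><b>injected</b>'];                 // no leading "/": rejected by layer 1
$samesite = ['redirect' => '/index.php?route=product/product&q="><b>x</b>']; // passes layer 1, neutralised by layer 2
$offsite  = ['redirect' => 'https://attacker.example/'];          // off-host: rejected by layer 1

echo renderLoginFormVulnerable($breakout), PHP_EOL;               // attribute is broken out of
echo renderLoginFormHardened($breakout, 'shop.example'), PHP_EOL; // falls back to the default path
echo renderLoginFormHardened($samesite, 'shop.example'), PHP_EOL; // quotes and angle brackets are entity-encoded
echo renderLoginFormHardened($offsite, 'shop.example'), PHP_EOL;  // falls back to the default path
```

Validation alone is not enough, because a legitimate same-site path can still carry attribute-breaking characters; encoding alone is not enough either, because an unencoded but well-formed off-site URL still enables open-redirect phishing against the shop's customers. A complete fix applies both layers at every place the parameter is echoed, which is the kind of gap the "incomplete fix" note above refers to.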

XSS

Weakness Enumeration

Related Identifiers

BIT-OPENCART-2024-21517
CVE-2024-21517
GHSA-QC3Q-8RR8-8P5V

Affected Products

Opencart