Vulnerability Details CVE-2020-29471
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.2%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5