
Description

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability arises because SVG files uploaded through the media manager are not properly sanitized. Attackers can craft a malicious SVG file containing embedded JavaScript

PUBLISHED Reserved 2025-04-22 | Published 2025-07-25 | Updated 2025-07-25 | Assigner mitre

References

www.opencart.com

packetstorm.news/files/id/202886

cve.org (CVE-2025-45893)

nvd.nist.gov (CVE-2025-45893)
