Description
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload malicious JavaScript code as a profile image. Whenever anyone views the profile picture, the code executes and the XSS triggers.
Remediation
References
Related Vulnerabilities
osCommerce Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2002-1991)
WordPress Plugin Backup by Supsystic Local File Inclusion (2.3.9)
Moodle Improper Authentication Vulnerability (CVE-2021-40693)
WordPress Plugin Echo Sign Multiple Cross-Site Scripting Vulnerabilities (1.1)