CVE-2026-3714

Medium CVSS: 5.1

A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/controller/design/template.php of the component Incomplete Fix CVE-2024-36694. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Opencart

Product

Opencart

CWE

CWE-791

Yayın Tarihi

2026-03-08 07:16:13

Güncelleme

2026-03-09 18:37:31

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-791 Opencart MEDIUM Opencart 2026

Referanslar

https://drive.google.com/file/d/1_ZCvICLKo8AOovDkKFHwsBxh-ciwbElS/view?usp=drive_link https://vuldb.com/?ctiid.349659 https://vuldb.com/?id.349659 https://vuldb.com/?submit.765176

Benzer Kayıtlar

High

CVE-2024-58341

OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate databas…

Medium

CVE-2025-15116

A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of t…

Medium

CVE-2025-45892

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerabil…

Medium

CVE-2025-45893

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog p…

Medium

CVE-2025-1747

HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to mod…

Medium

CVE-2025-1748

HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to mod…