Known Vulnerabilities for products from Opencart
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Opencart".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-5331 json | Not Provided | 2026-04-02 | 2026-04-02 | |
| CVE-2025-22335 json | Not Provided | 2025-01-07 | 2026-04-23 | |
| CVE-2025-15116 json | A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the co... | Not Provided | 2025-12-28 | 2026-04-29 |
| CVE-2025-0974 json | Not Provided | 2025-02-03 | 2026-04-19 | |
| CVE-2024-51835 json | Not Provided | 2024-11-19 | 2026-04-23 | |
| CVE-2024-21517 json | This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect par... | Not Provided | 2024-06-22 | 2026-04-29 |
| CVE-2024-21516 json | This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. A reflected XSS issue was identified ... | Not Provided | 2024-06-22 | 2026-04-29 |
| CVE-2024-21515 json | This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename par... | Not Provided | 2024-06-22 | 2026-04-29 |
| CVE-2023-47444 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-11-15 | 2023-11-21 |
| CVE-2023-40834 json | OpenCart v4.0.2.2 is vulnerable to Brute Force Attack. | 9.8 - CRITICAL | 2023-09-12 | 2024-03-08 |
| CVE-2023-2315 json | Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log c... | 8.8 - HIGH | 2023-09-27 | 2023-09-27 |
| CVE-2021-47953 json | Not Provided | 2026-05-10 | 2026-05-11 | |
| CVE-2021-47946 json | Not Provided | 2026-05-10 | 2026-05-12 | |
| CVE-2021-47928 json | Not Provided | 2026-05-10 | 2026-05-11 | |
| CVE-2021-47923 json | Not Provided | 2026-05-10 | 2026-05-11 | |
| CVE-2021-37823 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.9 - MEDIUM | 2022-11-03 | 2022-12-03 |
| CVE-2020-29471 json | OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a mal... | 4.8 - MEDIUM | 2020-12-29 | 2020-12-30 |
| CVE-2020-29470 json | OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an atta... | 4.8 - MEDIUM | 2020-12-29 | 2020-12-30 |
| CVE-2020-28838 json | Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via ... | 3.5 - LOW | 2020-12-11 | 2020-12-15 |
| CVE-2020-20491 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2023-06-20 | 2023-06-27 |
Known software with vulnerabilities from Opencart
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Opencart | Opencart | 1.5.5.1 |