Medium severity 4.2 · NVD Advisory · Published Jun 22, 2024 · Updated Apr 29, 2026
CVE-2024-21517
Description
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of the customer account/login route. An attacker can inject arbitrary HTML and JavaScript into the page response. As this vulnerability is present in the account functionality, it could be used to target and attack customers of the OpenCart shop. Notes: 1) The fix for this vulnerability is incomplete.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| opencart/opencart (Packagist) | >= 4.0.0.0 | — |
Affected products (3)
- osv-coords: 2 versions (>= 4.0.0-0, + 1 more)
- (no CPE) range: >= 4.0.0-0
- (no CPE) range: >= 4.0.0.0
References (4)
- github.com/opencart/opencart/commit/0fd1ee4b6c94366bf3e5d3831a8336f3275d1860 (nvd: Patch, WEB)
- security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266577 (nvd: Exploit, Patch, Third Party Advisory, WEB)
- github.com/advisories/GHSA-qc3q-8rr8-8p5v (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-21517 (ghsa: ADVISORY)