CVE-2025-1748

Source
https://cve.org/CVERecord?id=CVE-2025-1748
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1748.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-1748
Aliases
Published
2025-02-28T13:43:11.346Z
Modified
2026-07-15T01:49:17.422667515Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CVSS Calculator
Summary
HTML injection vulnerability in OpenCart
Details

HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/register.

Database specific
{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/1xxx/CVE-2025-1748.json",
    "cna_assigner": "INCIBE",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "4.1.0"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/opencart/opencart

Affected ranges

Type
GIT
Repo
https://github.com/opencart/opencart
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.1.0.0"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

2.*
2.0.0.0
2.0.1.0
2.2.0.0
3.*
3.0.0.0
3.0.0.2
3.0.1.1
3.0.1.2
4.*
4.0.0.0
4.0.1.0
4.0.1.1
4.0.2.0
4.0.2.1
4.0.2.2
4.0.2.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1748.json"