CVE-2021-47953

high

Description

OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick authenticated users into submitting hidden forms with new password values in the 'password' and 'confirm' parameters to hijack accounts.

References

https://www.vulncheck.com/advisories/opencart-cross-site-request-forgery-via-account-password

https://www.exploit-db.com/exploits/49970

Details

Source: Mitre, NVD

Published: 2026-05-10

Updated: 2026-05-10

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Severity: High

Detections

Analytics