CVE-2025-45892

6.1 MEDIUM

📋 TL;DR

OpenCart 4.1.0.4 has a stored XSS vulnerability in the blog editor where unsanitized input allows attackers to inject malicious JavaScript. This affects all OpenCart administrators and potentially customers who view blog posts. Attackers can steal session cookies, redirect users, or perform actions as the victim.

💻 Affected Systems

Products:
  • OpenCart
Versions: 4.1.0.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with blog module enabled and accessible to users with blog editing permissions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator account takeover leading to complete compromise of the OpenCart store, including customer data theft, payment system manipulation, and website defacement.

🟠 Likely Case

Session hijacking of administrators or customers, credential theft, and malicious redirects to phishing sites.

🟢 If Mitigated

Limited impact with proper input validation and output encoding, potentially only affecting non-critical functionality.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to blog editor functionality, typically requiring at least contributor-level permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.0.5 or later

Vendor Advisory: https://www.opencart.com

Restart Required: No

Instructions:

1. Back up your OpenCart installation and database.
2. Download the latest OpenCart version from the official website.
3. Replace affected files with patched versions, focusing on blog editor components.
4. Clear cache and test blog functionality.

🔧 Temporary Workarounds

Disable Blog Module

all

Temporarily disable the blog module to prevent exploitation while patching.

Navigate to Extensions > Extensions > Modules > Blog and disable it.

Input Sanitization Filter

all

Implement custom input sanitization for blog editor fields.

Add HTMLPurifier or similar library to sanitize blog content before storage

🧯 If You Can't Patch

  • Restrict blog editor access to trusted administrators only
  • Implement WAF rules to block XSS payloads in blog content

🔍 How to Verify

Check if Vulnerable:

Check if OpenCart version is 4.1.0.4 and blog module is enabled.

Check Version:

Check admin dashboard or view system/info.php

Verify Fix Applied:

Verify OpenCart version is 4.1.0.5 or later and test blog editor with XSS payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual blog post creations/modifications
  • JavaScript payloads in blog content fields
  • Multiple failed XSS attempts

Network Indicators:

  • Unexpected external script loads from blog pages
  • Suspicious redirects from blog URLs

SIEM Query:

source="opencart_logs" AND ("blog_editor" OR "blog_post") AND ("script" OR "javascript" OR "onload" OR "onerror")
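
The keyword match above also fires on ordinary prose that mentions "script" or "javascript". As an added example (not part of the original advisory and not OpenCart code), the following Python sketch parses blog bodies as HTML and flags only markup that can execute in a reader's browser. It assumes the bodies have been exported as the HTML that is actually rendered; the `(post_id, body)` row shape and all sample rows are constructed for illustration.

```python
from html.parser import HTMLParser

URL_ATTRS = {"href", "src", "action", "formaction", "data", "xlink:href"}
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class ActiveContentFinder(HTMLParser):
    """Collects markup in a blog body that can run script in a reader's browser."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag/attribute names and decodes entities in values.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and value:
                # Drop whitespace/control characters, which browsers ignore in a scheme.
                scheme = "".join(c for c in value if c > " ").lower()
                if scheme.startswith(BAD_SCHEMES):
                    self.findings.append(f"script URL in {name} on <{tag}>")


def scan_posts(posts):
    """Return {post_id: [findings]} for posts that contain active content."""
    flagged = {}
    for post_id, body in posts:
        finder = ActiveContentFinder()
        finder.feed(body)
        finder.close()
        if finder.findings:
            flagged[post_id] = finder.findings
    return flagged


# Constructed sample rows (post id, rendered body); not real store data.
SAMPLE_POSTS = [
    (1, "<p>Our new script for the summer sale is ready, see the javascript guide.</p>"),
    (2, '<p>Hi</p><img src="x.png" ONERROR="track()">'),
    (3, '<a href="jav&#x61;script:void(0)">terms</a>'),
    (4, "<p>Welcome</p><script src='https://cdn.example/a.js'></script>"),
]

if __name__ == "__main__":
    for post_id, findings in scan_posts(SAMPLE_POSTS).items():
        print(post_id, "; ".join(findings))
```

Post 1 contains both keywords from the SIEM query but no active markup, so it is not flagged; posts 2 to 4 are flagged with the element or attribute responsible, which gives a reviewer a concrete place to look.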
