{"vulnerability": "CVE-2020-1059", "sightings": [{"uuid": "cdd30ff4-7130-4d69-9c06-29ca417fa8db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-10596", "type": "seen", "source": "https://t.me/arpsyndicate/4768", "content": "#ExploitObserverAlert\n\nCVE-2020-13980\n\nDESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2020-13980. OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states \"this is not a massive issue as you are still required to be logged into the admin.\n\nFIRST-EPSS: 0.000720000\nNVD-IS: 2.7\nNVD-ES: 1.7\nARPS-PRIORITY: 0.8285297", "creation_timestamp": "2024-04-23T19:23:31.000000Z"}]}