{"id":"CVE-2025-1749","details":"HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in /account/voucher.","aliases":["BIT-opencart-2025-1749"],"modified":"2026-03-12T17:38:40.949287Z","published":"2025-02-28T14:15:35.760Z","references":[{"type":"ADVISORY","url":"https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-opencart"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opencart/opencart","events":[{"introduced":"0"},{"fixed":"3e8221a5629cdaccf53067281c83e6c9e4453de4"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.1.0.0"}]}}],"versions":["2.0.0.0","2.0.1.0","2.0.1.1","2.0.2.0","2.0.3.0","2.0.3.1","2.1.0.0","2.1.0.1","2.2.0.0","2.3.0.0","2.3.0.1","2.3.0.2","3.0.0.0","3.0.0.2","3.0.1.1","3.0.1.2","3.0.2.0","4.0.0.0","4.0.1.0","4.0.1.1","4.0.2.0","4.0.2.1","4.0.2.2","4.0.2.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1749.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"}]}