11 results (0.015 seconds)

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php and includes/init_includes/init_sanitize.php. Múltiples vulnerabilidades de XSS en zencart-ja (también conocido como Zen Cart Japanese edition) 1.3 jp hasta 1.3.0.2 jp8 y 1.5 ja hasta 1.5.1 ja permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de un parámetro manipulado, relacionado con admin/includes/init_includes/init_sanitize.php e includes/init_includes/init_sanitize.php. • http://jvn.jp/en/jp/JVN44544694/281242/index.html http://jvn.jp/en/jp/JVN44544694/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000027 https://github.com/zencart-ja/zc-v1-series/commit/022949bd09444d7e58703cc537dbbd5744c381b8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.6EPSS: 0%CPEs: 25EXPL: 0

Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en zc_install/includes/modules/pages/database_setup/header_php.php en Zen Cart 1.5.0 y anteriores cuando el software está siendo instalado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro de db_username zc_install / index.php. • https://www.trustwave.com/spiderlabs/advisories/TWSL2012-004.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 2

Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en en includes/templates/template_default/templates/tpl_gv_send_default.php en Zen Cart antes de v1.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro del mensaje en una acción gv_send a index.php. Se trata de una vulnerabilidad diferente a CVE-2011 hasta 4.547. • https://www.exploit-db.com/exploits/36346 http://www.securityfocus.com/bid/50787 https://exchange.xforce.ibmcloud.com/vulnerabilities/71519 https://www.dognaedis.com/vulns/DGS-SEC-8.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 1

SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the products_id array parameter in a multiple_products_add_product action, a different vulnerability than CVE-2008-6985. Vulnerabilidad de inyección SQL en la función actionMultipleAddProduct en includes/classes/shopping_cart.php en Zen Cartv v1.3.0 hasta v1.3.8a, cuando magic_quotes_gpc es desactivada, permite a atacantes remotos ejecutar comandos SQL a su elección a través del parámetro products_id en una acción multiple_products_add_product, una vulnerabilidad diferente a CVE-2008-6985. • http://secunia.com/advisories/31758 http://www.gulftech.org/?node=research&article_id=00129-09042008 http://www.osvdb.org/48347 http://www.securityfocus.com/archive/1/496002/100/0/threaded http://www.securityfocus.com/archive/1/496032/100/100/threaded http://www.securityfocus.com/bid/31023 http://www.zen-cart.com/forum/showthread.php?p=604473 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 3

Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart. Múltiples vulnerabilidades de inyección SQL en includes/classes/shopping_cart.php en Zen Cart v1.2.0 a v1.3.8a, cuando magic_quotes_gpc está desactivado, permiten a atacantes remotos ejecutar comandos SQL a través del parámetro ID cuando (1) se añade algo o (2) se actualiza el carrito de la compra. • https://www.exploit-db.com/exploits/43436 http://secunia.com/advisories/31758 http://www.gulftech.org/?node=research&article_id=00129-09042008 http://www.osvdb.org/48346 http://www.securityfocus.com/archive/1/496002/100/0/threaded http://www.securityfocus.com/archive/1/496032/100/100/threaded http://www.securityfocus.com/bid/31023 http://www.zen-cart.com/forum/showthread.php?p=604473 https://exchange.xforce.ibmcloud.com/vulnerabilities/44917 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •