CVE-2015-0882
https://notcve.org/view.php?id=CVE-2015-0882
27 Feb 2015 — Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php and includes/init_includes/init_sanitize.php. • http://jvn.jp/en/jp/JVN44544694/281242/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-1413
https://notcve.org/view.php?id=CVE-2012-1413
27 May 2012 — Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php. • https://www.trustwave.com/spiderlabs/advisories/TWSL2012-004.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4567 – Zen Cart CMS 1.3.9h - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4567
29 Nov 2011 — Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547. • https://www.exploit-db.com/exploits/36346 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-6986
https://notcve.org/view.php?id=CVE-2008-6986
18 Aug 2009 — SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the products_id array parameter in a multiple_products_add_product action, a different vulnerability than CVE-2008-6985. • http://secunia.com/advisories/31758 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6985 – Zen Cart < 1.3.8a - SQL Injection
https://notcve.org/view.php?id=CVE-2008-6985
18 Aug 2009 — Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart. • https://www.exploit-db.com/exploits/43436 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-2254 – Zen Cart 1.3.8 - SQL Execution
https://notcve.org/view.php?id=CVE-2009-2254
30 Jun 2009 — Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue. • https://www.exploit-db.com/exploits/9005 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-2255 – Zen Cart 1.3.8 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-2255
30 Jun 2009 — Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/. • https://www.exploit-db.com/exploits/9004 • CWE-287: Improper Authentication
CVE-2007-3597
https://notcve.org/view.php?id=CVE-2007-3597
06 Jul 2007 — Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter. • http://osvdb.org/37836 • CWE-287: Improper Authentication