3 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php and includes/init_includes/init_sanitize.php. Múltiples vulnerabilidades de XSS en zencart-ja (también conocido como Zen Cart Japanese edition) 1.3 jp hasta 1.3.0.2 jp8 y 1.5 ja hasta 1.5.1 ja permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de un parámetro manipulado, relacionado con admin/includes/init_includes/init_sanitize.php e includes/init_includes/init_sanitize.php. • http://jvn.jp/en/jp/JVN44544694/281242/index.html http://jvn.jp/en/jp/JVN44544694/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000027 https://github.com/zencart-ja/zc-v1-series/commit/022949bd09444d7e58703cc537dbbd5744c381b8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.6EPSS: 0%CPEs: 25EXPL: 0

Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en zc_install/includes/modules/pages/database_setup/header_php.php en Zen Cart 1.5.0 y anteriores cuando el software está siendo instalado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro de db_username zc_install / index.php. • https://www.trustwave.com/spiderlabs/advisories/TWSL2012-004.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 2

Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en en includes/templates/template_default/templates/tpl_gv_send_default.php en Zen Cart antes de v1.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro del mensaje en una acción gv_send a index.php. Se trata de una vulnerabilidad diferente a CVE-2011 hasta 4.547. • https://www.exploit-db.com/exploits/36346 http://www.securityfocus.com/bid/50787 https://exchange.xforce.ibmcloud.com/vulnerabilities/71519 https://www.dognaedis.com/vulns/DGS-SEC-8.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •