CVSS: 6.1EPSS: 10%CPEs: 1EXPL: 8CVE-2015-2182 – Zeuscart 4.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2182
11 Mar 2015 — Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-5322. Múltiples vulnerabilidades de XSS en ZeusCart 4 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través (1) del parámetro schltr en una acción brands o (2) del parámetr... • https://www.exploit-db.com/exploits/36159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 8%CPEs: 1EXPL: 9CVE-2010-5322 – Zeuscart 4.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-5322
11 Mar 2015 — Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php. Vulnerabilidad de XSS en ZeusCart 4.0 y anteriores permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro search en una acción de búsqueda en index.php. • https://www.exploit-db.com/exploits/36159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 17%CPEs: 1EXPL: 7CVE-2015-2184 – Zeuscart 4.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-2184
10 Mar 2015 — ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function. ZeusCart 4 permite a atacantes remotos obtener información de configuraciones a través de una acción getphpinfo en admin/, que llama a la función phpinfo. • https://www.exploit-db.com/exploits/36159 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •