Description
Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.
Exploits (1)
References (3)
Core References
https://exchange.xforce.ibmcloud.com/vulnerabilities/71519 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_xf)
https://www.dognaedis.com/vulns/DGS-SEC-8.html (Exploit; x_refsource_misc)
http://www.securityfocus.com/bid/50787 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
Scores
EPSS: 0.0042
EPSS Percentile: 62.3%
Details
CWE: CWE-79
Status: published
Products (20)
zen-cart/zen_cart 1.1.0
zen-cart/zen_cart 1.1.3
zen-cart/zen_cart 1.2.0d
zen-cart/zen_cart 1.2.1 patch1
zen-cart/zen_cart 1.2.1d
zen-cart/zen_cart 1.2.2d
zen-cart/zen_cart 1.2.3d
zen-cart/zen_cart 1.2.4.1
zen-cart/zen_cart 1.2.4d
zen-cart/zen_cart 1.2.5d
... and 10 more
Published: Nov 29, 2011
Tracked Since: Feb 18, 2026