CVE-2012-1413

Zen-cart Zen Cart - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php.

References (1)

Scores

EPSS 0.0022
EPSS Percentile 45.0%

Classification

CWE
CWE-79
Status published

Affected Products (25)

zen-cart/zen_cart
zen-cart/zen_cart
zen-cart/zen_cart
zen-cart/zen_cart
zen-cart/zen_cart
zen-cart/zen_cart
zen-cart/zen_cart
zen-cart/zen_cart
zen-cart/zen_cart
zen-cart/zen_cart
zen-cart/zen_cart
zen-cart/zen_cart
zen-cart/zen_cart
zen-cart/zen_cart
zen-cart/zen_cart
... and 10 more

Timeline

Published May 27, 2012
Tracked Since Feb 18, 2026