CVE-2015-2182

ZeusCart 4 - Cross-Site Scripting via schltr or brand Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2182. PoCs published by Steffen Rösemann.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Zeuscart v.4, including XSS, SQLi, and information disclosure. It provides technical details, exploit examples, and a timeline of vendor communication.

Description

Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-5322.

Exploits (1)

exploitdb WRITEUP

by Steffen Rösemann · textwebappsphp

https://www.exploit-db.com/exploits/36159

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in Zeuscart v.4, including XSS, SQLi, and information disclosure. It provides technical details, exploit examples, and a timeline of vendor communication.

Classification

Writeup 100%

Attack Type

Xss | Sqli | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Zeuscart v.4

No auth needed

Prerequisites: Access to the target application

MITRE ATT&CK