XSS in Zen-cart Zen_cart
CVE-2011-4567
Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.016 (72.8th percentile) — read the EPSS interpretation.
Affected products
- Zen-cart Zen_cart — versions 1.1.0, 1.1.3, 1.2.0d
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (vdb-entry, x_refsource_BID)