First published: Tue Nov 29 2011(Updated: )
Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zen Cart | <=1.3.9 | |
Zen Cart | =1.1.0 | |
Zen Cart | =1.1.3 | |
Zen Cart | =1.2.0d | |
Zen Cart | =1.2.1-patch1 | |
Zen Cart | =1.2.1d | |
Zen Cart | =1.2.2d | |
Zen Cart | =1.2.3d | |
Zen Cart | =1.2.4.1 | |
Zen Cart | =1.2.4d | |
Zen Cart | =1.2.5d | |
Zen Cart | =1.2.6d | |
Zen Cart | =1.3 | |
Zen Cart | =1.3.0.2 | |
Zen Cart | =1.3.2 | |
Zen Cart | =1.3.5 | |
Zen Cart | =1.3.6 | |
Zen Cart | =1.3.7 | |
Zen Cart | =1.3.8 | |
Zen Cart | =1.3.8a |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2011-4567 is considered a medium severity vulnerability due to its potential for unauthorized script injection.
To fix CVE-2011-4567, upgrade Zen Cart to version 1.5 or higher where the vulnerability is patched.
CVE-2011-4567 affects Zen Cart versions prior to 1.5, including 1.3.8a, 1.3.2, 1.3.0.2, and others.
CVE-2011-4567 is a Cross-site Scripting (XSS) vulnerability.
Yes, CVE-2011-4567 can be exploited remotely, allowing attackers to inject arbitrary web scripts.