CVE-2012-1413

2012-05-27T15:55:01
ID CVE-2012-1413
Type cve
Reporter NVD
Modified 2012-05-28T00:00:00

Description

Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php.