Lucene search

K

PRIOn knowledge basePRION:CVE-2015-2182

HistoryMar 11, 2015 - 2:59 p.m.

Cross site scripting

2015-03-1114:59:00

PRIOn knowledge base

www.prio-n.com

2

5.9 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.5%

Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-5322.

CPENameOperatorVersion
zeuscarteq4.0

References

osvdb.org/show/osvdb/68756

packetstormsecurity.com/files/130487/Zeuscart-4-Cross-Site-Scripting-SQL-Injection.html

seclists.org/fulldisclosure/2015/Feb/89

seclists.org/oss-sec/2015/q1/649

seclists.org/oss-sec/2015/q1/727

secpod.org/advisories/SECPOD_ZeusCart_XSS.txt

secpod.org/blog/?p=109

sroesemann.blogspot.de/2015/01/sroeadv-2015-12.html

www.securityfocus.com/bid/72761

github.com/ZeusCart/zeuscart/issues/28

www.exploit-db.com/exploits/36159

5.9 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.5%

Related for PRION:CVE-2015-2182

nvd2 cve2 cvelist2 prion1 seebug2 openvas1