CVE-2017-8833
Zen Cart 1.6.0 (development version) contains a cross-site scripting (XSS) flaw in the main_page parameter of index.php. The vulnerability stems from insufficient sanitization of input to the main_page parameter, allowing injection of arbitrary script/HTML. Public references indicate 1.6.0 is in-...