Zen Cart@1.3.9h Security Vulnerabilities and Issues — Zen Cart@1.3.9h CVE List

Lucene search

Zen-cartZen Cart1.3.9h

3 matches found

CVE•added 2012/05/27 7:55 p.m.•45 views

CVE-2012-1413

Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php.

2.6CVSS5.9AI score0.00225EPSS

CVE•added 2015/04/24 2:59 p.m.•44 views

CVE-2011-4403

Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.p...

5.8CVSS7.4AI score0.00393EPSS

CVE•added 2011/11/29 12:55 a.m.•37 views

CVE-2011-4547

Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) main_page parameter or (2) PATH_INFO, a different...

4.3CVSS5.8AI score0.00404EPSS