Summary
The host is running Zen-cart and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site, and to conduct phishing attacks.
Impact Level: Application
Solution
No solution is available as of 25th February, 2014. Information regarding this issue will be updated once the solution details are available. For more information refer to http://www.zen-cart.com
Insight
The flaws are due to:
- An error which fails to sanitize the 'redirect' parameter properly.
- Insufficient validation of user-supplied input via multiple POST parameters to multiple pages.
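The 'redirect' flaw above is the classic open-redirect / reflected-injection pattern: an unvalidated URL from the request is used as a redirect target or echoed into the page. The following is an added illustrative example (not Zen Cart's own code, and written in Python rather than the application's PHP) of how such a parameter should be validated before use; the allowed host name and the default landing path are assumptions constructed for the example.

```python
from html import escape
from urllib.parse import urlsplit

# Hosts the shop may redirect to (constructed for this example).
ALLOWED_HOSTS = {"shop.example.com"}


def safe_redirect_target(value: str, default: str = "/index.php") -> str:
    """Return a redirect target that stays on the shop's own host.

    Anything that could leave the site (phishing), smuggle a non-HTTP
    scheme into a Location header or echoed link (script injection), or
    split the response header (CR/LF) falls back to `default`.
    """
    if not value:
        return default
    # Control characters (including CR/LF) never belong in a URL.
    if any(ord(c) < 0x20 or c == "\x7f" for c in value):
        return default
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: only https to an allow-listed
        # host is accepted; '//evil' and 'user@host' tricks fail here.
        if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
            return default
        return value
    # Relative path: exactly one leading '/', no backslashes (some browsers
    # treat '/\host' like '//host').
    if not value.startswith("/") or value.startswith("//") or "\\" in value:
        return default
    return value


def login_link_html(redirect_value: str) -> str:
    """Render the post-login link a page would echo: validate the target
    first, then HTML-escape it so quotes and angle brackets cannot break
    out of the attribute."""
    target = safe_redirect_target(redirect_value)
    return f'<a href="{escape(target, quote=True)}">Continue</a>'
```

Validation and output encoding are both needed: the allow-list stops the phishing redirect, the escaping stops the HTML injection when the value is reflected.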
Affected
Zen-cart version 1.5.1.
Detection
Send a crafted request via HTTP GET and check whether the application is vulnerable.
References
Updated on 2017-03-28
Severity
Classification
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N