Summary
The host is running Zen-cart and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of the affected site, and to conduct phishing attacks.
Impact Level: Application
Solution
No solution is available as of 25th February, 2014. Information regarding this issue will be updated once the solution details are available. For more information refer to http://www.zen-cart.com
Insight
The flaws are due to:
- An error that fails to sanitize the 'redirect' parameter properly.
- Insufficient validation of user-supplied input via multiple POST parameters to multiple pages.
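The 'redirect' handling described above, as an added defender-side example that is not Zen Cart's own code: it accepts only same-site relative paths (rejecting absolute, scheme-relative and script-scheme values, plus CR/LF header injection) and HTML-escapes anything reflected into the page. The parameter name, default target and sample values are assumptions.

```python
# Added example, not Zen Cart code. Hardened handling for a user-supplied
# 'redirect' parameter: only same-site relative paths are honoured, so a
# crafted value cannot send the user off-site (phishing) or carry a script
# scheme, and reflected input is escaped before it reaches the page.
import html
from urllib.parse import urlsplit, urlunsplit

def safe_redirect_target(value: str, default: str = "/index.php") -> str:
    """Return a same-site path to redirect to, or `default` if `value` is unsafe.

    `default` is an assumed fallback page for this illustration.
    """
    if not value or len(value) > 2048:
        return default
    # CR/LF and other control characters: reject before parsing (header injection).
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return default
    value = value.strip()
    # Browsers treat backslashes like slashes, so "/\evil.example" is off-site.
    value = value.replace("\\", "/")
    # "//host" and "///host" both resolve to an external host in browsers,
    # even though urlsplit() leaves netloc empty for the triple-slash form.
    if value.startswith("//"):
        return default
    parts = urlsplit(value)
    # Any scheme (http:, javascript:, data:) or host means off-site: reject.
    if parts.scheme or parts.netloc:
        return default
    if not parts.path.startswith("/"):
        return default
    # Rebuild from the parsed parts; the fragment is dropped.
    return urlunsplit(("", "", parts.path, parts.query, ""))

def reflect_safely(value: str) -> str:
    """HTML-escape a user-supplied value before placing it in page content."""
    return html.escape(value, quote=True)
```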
Affected
Zen-cart version 1.5.1.
Detection
Send a crafted exploit string via an HTTP GET request and check whether the host is vulnerable.
References
Updated on 2017-03-28
Severity
Classification
-
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N