Description

Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php.

Remediation

References

CVE-2012-1413

Related Vulnerabilities

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-11820)

XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-34466)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.12)

Oracle JRE CVE-2012-5087 Vulnerability (CVE-2012-5087)

WordPress Plugin WP TFeed includes Backdoor [Only if downloaded via the vendor website] (1.6.7)

Severity

Low

Classification

CVE-2012-1413 CWE-707

Tags

Missing Update Known Vulnerabilities