Description

Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php and includes/init_includes/init_sanitize.php.

Remediation

References

CVE-2015-0882

Related Vulnerabilities

WordPress Plugin Responsive WordPress Slider Cross-Site Scripting (2.2.0)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery SQL Injection (1.3.29)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-1133)

TCExam Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-4237)

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Multiple Vulnerabilities (2.05.01)

Severity

Medium

Classification

CVE-2015-0882 CWE-707

Tags

Missing Update Known Vulnerabilities