Summary
The host is running Zen-cart and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site, and to conduct phishing attacks.
Impact Level: Application
Solution
No solution is available as of 25th February, 2014. Information regarding this issue will be updated once the solution details are available. For more information refer to http://www.zen-cart.com
Insight
The flaws are due to:
- An error which fails to sanitize the 'redirect' parameter properly.
- Insufficient validation of user-supplied input via multiple POST parameters to multiple pages.
Affected
Zen-cart version 1.5.1.
Detection
Send a crafted exploit string via an HTTP GET request and check whether the host is vulnerable or not.
References
Updated on 2017-03-28
Severity
Classification
-
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N