Description
Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5264)
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.24)
WebLogic CVE-2018-3213 Vulnerability (CVE-2018-3213)
WordPress Plugin Export Users With Meta SQL Injection (0.6.4)
Moodle Incorrect Authorization Vulnerability (CVE-2021-40692)