Description
Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.
Remediation
References
Related Vulnerabilities
WordPress Plugin Google XML Sitemap for Videos Cross-Site Request Forgery (2.6.1)
WordPress Plugin Easy PayPal Buy Now Button Cross-Site Scripting (1.7.3)
WordPress Plugin WP Auctions 'wpa_id' Parameter SQL Injection (1.8.8)
WordPress Plugin Minimal Coming Soon & Maintenance Mode-Coming Soon Page Security Bypass (2.15)