Description
Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.
Remediation
References
Related Vulnerabilities
MySQL CVE-2018-2780 Vulnerability (CVE-2018-2780)
WordPress Plugin IP Ban Cross-Site Request Forgery (1.2.3)
WordPress Plugin Job Board by BestWebSoft Cross-Site Scripting (1.0.0)
Jenkins Improper Certificate Validation Vulnerability (CVE-2017-1000396)
WordPress Plugin Photospace Gallery Cross-Site Scripting (2.3.5)