Description

Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php.

Remediation

References

CVE-2012-1413

Related Vulnerabilities

WordPress Plugin Premium Addons for Elementor Multiple Cross-Site Scripting Vulnerabilities (4.2.7)

WordPress Plugin Facebook Like Box Cross-Site Request Forgery (2.8.2)

WordPress Plugin WordPress Calls to Action Unspecified Vulnerability (2.3.5)

WordPress Plugin Votecount for Balatarin Cross-Site Scripting (0.1.1)

MySQL CVE-2021-2010 Vulnerability (CVE-2021-2010)

Severity

Low

Classification

CVE-2012-1413 CWE-707

Tags

Missing Update Known Vulnerabilities