Description
Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Shopping Cart & eCommerce Store Cross-Site Request Forgery (5.1.0)
WordPress Plugin WP-VR-view-Add Photo Sphere, 360 video to WordPress Cross-Site Scripting (1.6)
Microsoft SQL Server CVE-2023-21704 Vulnerability (CVE-2023-21704)
Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-7490)