Description
Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Premium Addons for Elementor Multiple Cross-Site Scripting Vulnerabilities (4.2.7)
WordPress Plugin Facebook Like Box Cross-Site Request Forgery (2.8.2)
WordPress Plugin WordPress Calls to Action Unspecified Vulnerability (2.3.5)
WordPress Plugin Votecount for Balatarin Cross-Site Scripting (0.1.1)