CVE-2008-6616
published 2009-04-06CVE-2008-6616: Cross-site scripting (XSS) vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to inject arbitrary web script or HTML via the…
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.44%
69.8th percentile
Cross-site scripting (XSS) vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zen-cart | zen_cart | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Windows Explorer - '.zip' Denial of Service
exploitdb·2008-09-28
CVE-2008-4323 Microsoft Windows Explorer - '.zip' Denial of Service
Microsoft Windows Explorer - '.zip' Denial of Service
---
Sucessfully tested on Microsoft Windows Xp Pro sp3 English.
If you open with Winzip sometimes the exeption doesen't occur.
Just right click the file and explorer will crash.
|---
CMP BYTE PTR DS:[EDX+EAX-1],2E
ESP 0007E328
EBP 0007E358
Access Violation [FFFFFFFF]
---|
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6616.zip (2008-ExplorerDOS.zip)
# milw0rm.com [2008-09-28]
Exploit-DB
Zen Cart 2008 - 'index.php?keyword' Cross-Site Scripting
exploitdb·2008-05-02
CVE-2008-6616 Zen Cart 2008 - 'index.php?keyword' Cross-Site Scripting
Zen Cart 2008 - 'index.php?keyword' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/29020/info
Zen Cart is prone to a cross-site scripting vulnerability and an SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Zen Cart 2008 is vulnerable; other versions may also be affected.
http://www.example.com/ZenCart/index.php?main_page=advanced_search_result&search_in_description=1&zenid=bla&keyword=>
No writeups or analysis indexed.
http://downloads.securityfocus.com/vulnerabilities/exploits/29020.htmlhttp://www.securityfocus.com/bid/29020https://exchange.xforce.ibmcloud.com/vulnerabilities/42162http://downloads.securityfocus.com/vulnerabilities/exploits/29020.htmlhttp://www.securityfocus.com/bid/29020https://exchange.xforce.ibmcloud.com/vulnerabilities/42162
2009-04-06
Published