CVE-2011-4567
Published 2011-11-29
Priority: P4 · 20 · medium · 4.3 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.61% (72.9th percentile)
Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zen-cart | zen_cart | <= 1.3.9 | — |
| zen-cart | zen_cart | — | — |
GHSA-wfvm-36j4-hjcm (CVE-2011-4547) [MEDIUM] CWE-79
ghsa_unreviewed · 2022-05-17 · CVSS 4.3
Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) main_page parameter or (2) PATH_INFO, a different vulnerability than CVE-2011-4567.
GHSA-7p3c-8vw3-3j6h (CVE-2011-4567) [MEDIUM] CWE-79
ghsa_unreviewed · 2022-05-17 · CVSS 4.3
Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.
No detection rules found.
No writeups or analysis indexed.
Published: 2011-11-29