CVE-2011-4567
Last modified
CVE-2011-4567 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.. EPSS estimates a 1.61% chance of exploitation in the next 30 days.
Description
Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Zen-Cart | Zen Cart | <= 1.3.9 | — |
| Zen-Cart | Zen Cart | 1.1.0 | — |
| Zen-Cart | Zen Cart | 1.1.3 | — |
| Zen-Cart | Zen Cart | 1.2.0d | — |
| Zen-Cart | Zen Cart | 1.2.1 | Patch1 |
| Zen-Cart | Zen Cart | 1.2.1d | — |
| Zen-Cart | Zen Cart | 1.2.2d | — |
| Zen-Cart | Zen Cart | 1.2.3d | — |
| Zen-Cart | Zen Cart | 1.2.4.1 | — |
| Zen-Cart | Zen Cart | 1.2.4d | — |
| Zen-Cart | Zen Cart | 1.2.5d | — |
| Zen-Cart | Zen Cart | 1.2.6d | — |
| Zen-Cart | Zen Cart | 1.3 | — |
| Zen-Cart | Zen Cart | 1.3.0.2 | — |
| Zen-Cart | Zen Cart | 1.3.2 | — |
| Zen-Cart | Zen Cart | 1.3.5 | — |
| Zen-Cart | Zen Cart | 1.3.6 | — |
| Zen-Cart | Zen Cart | 1.3.7 | — |
| Zen-Cart | Zen Cart | 1.3.8 | — |
| Zen-Cart | Zen Cart | 1.3.8a | — |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-4567?
How severe is CVE-2011-4567?
How do I fix CVE-2011-4567?
Are you affected by CVE-2011-4567?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST