CVE-2012-1413
low
CVSS v3
—
CVSS v2
2.6
VIR risk
2.6
Description
Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| zen-cart | zen_cart | | |
| zen-cart | zen_cart | 1.1.0 | |
| zen-cart | zen_cart | 1.1.3 | |
| zen-cart | zen_cart | 1.2.0d | |
| zen-cart | zen_cart | 1.2.1 | |
| zen-cart | zen_cart | 1.2.1_patch1 | |
| zen-cart | zen_cart | 1.2.1d | |
| zen-cart | zen_cart | 1.2.2d | |
| zen-cart | zen_cart | 1.2.3d | |
| zen-cart | zen_cart | 1.2.4.1 | |
| zen-cart | zen_cart | 1.2.4d | |
| zen-cart | zen_cart | 1.2.5d | |
| zen-cart | zen_cart | 1.2.6d | |
| zen-cart | zen_cart | 1.3 | |
| zen-cart | zen_cart | 1.3.0.2 | |
| zen-cart | zen_cart | 1.3.2 | |
| zen-cart | zen_cart | 1.3.5 | |
| zen-cart | zen_cart | 1.3.6 | |
| zen-cart | zen_cart | 1.3.7 | |
| zen-cart | zen_cart | 1.3.8 | |
| zen-cart | zen_cart | 1.3.8a | |
| zen-cart | zen_cart | 1.3.9 | |
| zen-cart | zen_cart | 1.3.9h | |
| zen-cart | zen_cart | 2008 | |
References
CWEs
CWE-79
Verify integrity in audit chain (admin only). AS-IS.