About Us | Contact Us

 


 

VUPEN Free Resources
 
  VUPEN Security Advisories
 
  VUPEN Security Blog & News
  Zero-day Attacks Monitor
  Daily Security Mailinglist
  Explanation of Terms
  Advanced Search Engine
 
   

Zen Cart Unspecified Parameter Handling Client-Side Cross Site Scripting Vulnerabilities

VUPEN ID VUPEN/ADV-2007-0022
CVE ID CVE-2006-6868
 
CWE ID Available in VUPEN VNS Customer Area
CVSS V2 Available in VUPEN VNS Customer Area
Rated as Low Risk 
Impact Available in VUPEN VNS Customer Area
Authentication Level Available in VUPEN VNS Customer Area
Access Vector Available in VUPEN VNS Customer Area
Release Date 2007-01-03
Share Twitter LinkedIn Facebook Delicious Digg Slashdot

Technical Description

Multiple vulnerabilities have been identified in Zen Cart, which may be exploited by attackers to execute arbitrary scripting code. These issues are due to unspecified input validation errors when processing certain parameters, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.

Affected Products

Zen Cart versions prior to 1.3.7

Solution 

Upgrade to Zen Cart version 1.3.7 :
http://sourceforge.net/projects/zencart/

References

http://www.vupen.com/english/advisories/2007/0022
http://www.zen-cart.com/forum/showthread.php?t=54615

Credits 

Vulnerabilities reported by the vendor

Changelog 

2007-01-03 : Initial release

Feedback 

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Monthly Statistics 

 

 VUPEN Security Advisories By Criticality: Jul 2010


  Critical Risk

 : 18%

  High Risk		 : 10%

  Moderate Risk		 : 44%

  Low Risk		 : 28%

Get a real-time view of the vulnerabilities affecting your systems using the VUPEN VNS reporting capabilities.
 
 

Try VUPEN VNS 

 

 





© 2004-2010 VUPEN Security - Copyright - Privacy Policy