HTTP: Zen Cart Cross Site Scripting
This signature detects attempts to exploit a known cross-site scripting vulnerability in Zen Cart. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
Zen Cart is prone to an arbitrary-file-upload vulnerability, a cross-site scripting vulnerability, and multiple HTML-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to upload and execute arbitrary PHP code in the context of the webserver process, steal cookie-based authentication information, execute arbitrary client-side scripts in the context of the browser, and obtain sensitive information. Other attacks are also possible. Zen Cart 1.3.9f and 1.3.9h are vulnerable; other versions may also be affected.
Affected Products
Zen_cart zen_cart
Short Name
HTTP:XSS:ZEN-CART
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Cart Cross Scripting Site Zen bid:47935
Release Date
05/31/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Zen_cart