CVE-2015-0882

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-0882
Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php and includes/init_includes/init_sanitize.php.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://jvn.jp/en/jp/JVN44544694/281242/index.html Third Party Advisory VDB Entry
http://jvn.jp/en/jp/JVN44544694/index.html Third Party Advisory VDB Entry
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000027 Third Party Advisory VDB Entry
https://github.com/zencart-ja/zc-v1-series/commit/022949bd09444d7e58703cc537dbbd5744c381b8 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zen-cart:zen_cart:1.3.0.0:*:*:ja:*:*:*:*
cpe:2.3:a:zen-cart:zen_cart:1.3.0.1:*:*:ja:*:*:*:*
cpe:2.3:a:zen-cart:zen_cart:1.3.0.2:*:*:ja:*:*:*:*
cpe:2.3:a:zen-cart:zen_cart:1.5.0:*:*:ja:*:*:*:*
cpe:2.3:a:zen-cart:zen_cart:1.5.1:*:*:ja:*:*:*:*
History

No history.

Information

Published : 2015-02-27 02:59

Updated : 2023-12-10 11:31

NVD link : CVE-2015-0882

Mitre link : CVE-2015-0882

CVE.ORG link : CVE-2015-0882

JSON object : View

Products Affected

zen-cart

  • zen_cart
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')