Arbitrary Script Injection in Zen Cart's tpl_gv_send_default.php Template
CVE-2011-4567 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.
Learn more about our Web App Pen Testing.