Arbitrary Script Injection in Zen Cart's tpl_gv_send_default.php Template

Arbitrary Script Injection in Zen Cart's tpl_gv_send_default.php Template

CVE-2011-4567 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.php, a different vulnerability than CVE-2011-4547.

Learn more about our Web App Pen Testing.