Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php and includes/init_includes/init_sanitize.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zen-Cart | Zen Cart | 1.3.0.0 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN44544694/281242/index.htmlThird Party AdvisoryVDB Entry
- http://jvn.jp/en/jp/JVN44544694/index.htmlThird Party AdvisoryVDB Entry
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000027Third Party AdvisoryVDB Entry
- https://github.com/zencart-ja/zc-v1-series/commit/022949bd09444d7e58703cc537dbbdThird Party Advisory
- http://jvn.jp/en/jp/JVN44544694/281242/index.htmlThird Party AdvisoryVDB Entry
- http://jvn.jp/en/jp/JVN44544694/index.htmlThird Party AdvisoryVDB Entry
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000027Third Party AdvisoryVDB Entry
- https://github.com/zencart-ja/zc-v1-series/commit/022949bd09444d7e58703cc537dbbdThird Party Advisory
FAQ
What is CVE-2015-0882?
CVE-2015-0882 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web ...
How severe is CVE-2015-0882?
CVE-2015-0882 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0882?
Check the references section above for vendor advisories and patch information. Affected products include: Zen-Cart Zen Cart.