Signature Detail
Short Name |
HTTP:XSS:ZEN-CART |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Zen Cart Cross Site Scripting |
Release Date |
2011/05/31 |
Update Number |
1928 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Zen Cart Cross Site Scripting
This signature detects attempts to exploit a known cross-site scripting vulnerability in Zen Cart. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
Zen Cart is prone to an arbitrary-file-upload vulnerability, a cross-site scripting vulnerability, and multiple HTML-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to upload and execute arbitrary PHP code in the context of the webserver process, steal cookie-based authentication information, execute arbitrary client-side scripts in the context of the browser, and obtain sensitive information. Other attacks are also possible. Zen Cart 1.3.9f and 1.3.9h are vulnerable; other versions may also be affected.
Affected Products
- Zen Cart 1.3.9f
- Zen Cart 1.3.9h
References
- BugTraq: 47935
- URL: http://www.zen-cart.com/