Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php.
Max CVSS
6.1
EPSS Score
0.08%
Published
2021-03-19
Updated
2021-03-25
In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS.
Max CVSS
6.1
EPSS Score
0.06%
Published
2017-06-29
Updated
2017-07-03
Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."
Max CVSS
6.1
EPSS Score
0.09%
Published
2017-05-08
Updated
2017-05-30
3 vulnerabilities found