PT-2006-5857 · Zen Cart · Zen Cart

Published 2006-10-02 · Updated 2018-10-17 · CVE-2006-5119

CVSS v2.0: 4.0 Medium

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Zen Cart version 1.3.5

Description

Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML, potentially leading to security breaches. The vulnerabilities exist in the admin_name and admin_pass parameters in the "admin/login.php" file, and the admin_email parameter in the "admin/password_forgotten.php" file.

Recommendations

For Zen Cart version 1.3.5, as a temporary workaround, consider restricting access to the "admin/login.php" and "admin/password_forgotten.php" files until a patch is available. Avoid using the admin_name, admin_pass, and admin_email parameters in the affected files until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2006-5119

Affected Products

Zen Cart