CVE-2012-1413

Name of the Vulnerable Software and Affected Versions Zen Cart versions 1.5.0 and earlier

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the db username parameter to "zc install/index.php". This occurs when the software is being installed.

Recommendations For Zen Cart versions 1.5.0 and earlier, avoid using the db username parameter in the "zc install/index.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the installation process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.