CVE-2015-0882

Name of the Vulnerable Software and Affected Versions zencart-ja versions 1.3 jp through 1.3.0.2 jp8 zencart-ja versions 1.5 ja through 1.5.1 ja

Description The issue allows remote attackers to inject arbitrary web script or HTML via a crafted parameter. This is related to the files admin/includes/init includes/init sanitize.php and includes/init includes/init sanitize.php.

Recommendations For zencart-ja versions 1.3 jp through 1.3.0.2 jp8, consider restricting access to the init sanitize.php files until a patch is available. For zencart-ja versions 1.5 ja through 1.5.1 ja, avoid using crafted parameters in the affected files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.