CVE-2015-2182

Name of the Vulnerable Software and Affected Versions ZeusCart version 4

Description The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters in actions to index.php. This can be achieved through the schtlr parameter in a brands action or the brand parameter in a viewbrands action.

Recommendations For ZeusCart version 4, consider restricting access to the schtlr parameter in the brands action and the brand parameter in the viewbrands action to minimize the risk of exploitation. Avoid using these parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.