CVE-2020-6578

Cross-site Scripting in packagist/zencart/zencart

Identifier

CVE-2020-6578

Package Slug

packagist/zencart/zencart

Vulnerability

Cross-site Scripting

Description

Zen Cart d allows reflected XSS via the mainpage parameter to `includes/templates/templatedefault/common/tplmainpage.phporincludes/templates/responsiveclassic/common/tplmain_page.php`.

Affected Versions

Version 1.5.6d

Solution

Upgrade to version 1.5.7a or above.

Last Modified

2021-03-25

source