Uncategorized

ITAS Team found out a Cross-Site Scripting vulnerability in Zeuscart CMS

Posted on by admin

ITAS Team found out a Cross-Site Scripting vulnerability in Zeuscart CMS

ITAS Team has just found out a Cross-Site Scripting vulnerability in Zeuscard CMS. ITAS Team recommend that any individual or company is using this CMS should note and fix as soon as posible.

1. Vulnerability information:
– Vulnerability: Cross-Site Scripting
– Vendor: http://www.zeuscart.com
– Download link: http://zeuscart.com/download/
– Affected version: Zeuscart V4
– CVSS v3.0 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
– Fix version: N/A
– Author: Dang Quoc Thai – thai.q.dang@itas.vn và ITAS Team

2. Vulnerability detail: Please watch the below video

https://youtube.com/watch?v=CPgzAra_mXw%3Fwmode%3Dtransparent%26vq%3Dhd1080%26rel%3D0%26showinfo%3D0%26iframe%3D1%26fs%3D1%26modestbranding%3D0%26autoplay%3D1%26theme%3Ddark%26feature%3Doembed

3. Information disclosure:
+ 10/13/2015: Contact vendor
+ 10/16/2014: No response from vendor
+ 10/16/2015: Disclose information

admin

Leave a Reply

Your email address will not be published. Required fields are marked *