ITAS Team has just found out a Cross-Site Scripting vulnerability in Zeuscard CMS. ITAS Team recommend that any individual or company is using this CMS should note and fix as soon as posible.

1. Vulnerability information:
– Vulnerability: Cross-Site Scripting
– Vendor: http://www.zeuscart.com
– Download link: http://zeuscart.com/download/
– Affected version: Zeuscart V4
– CVSS v3.0 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
– Fix version: N/A
– Author: Dang Quoc Thai – thai.q.dang@itas.vn và ITAS Team

2. Vulnerability detail: Please watch the below video

3. Information disclosure:
+ 10/13/2015: Contact vendor
+ 10/16/2014: No response from vendor
+ 10/16/2015: Disclose information