ITAS Team found out a Cross-Site Scripting vulnerability in Zeuscart CMS
ITAS Team has just found out a Cross-Site Scripting vulnerability in Zeuscard CMS. ITAS Team recommend that any individual or company is using this CMS should note and fix as soon as posible.
1. Vulnerability information:
– Vulnerability: Cross-Site Scripting
– Vendor: http://www.zeuscart.com
– Download link: http://zeuscart.com/download/
– Affected version: Zeuscart V4
– CVSS v3.0 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
– Fix version: N/A
– Author: Dang Quoc Thai – thai.q.dang@itas.vn và ITAS Team
2. Vulnerability detail: Please watch the below video
3. Information disclosure:
+ 10/13/2015: Contact vendor
+ 10/16/2014: No response from vendor
+ 10/16/2015: Disclose information