Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."

Related CVEs

CVE-2017-8833

Key Information

GHSA ID

GHSA-8qv8-58g4-wh94

Published

May 17, 2022 2:43 AM

Last Modified

May 17, 2022 2:43 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 30, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.