Known Vulnerabilities for products from Zen-cart
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zen-cart".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-32526 | Not Provided | 2026-03-25 | 2026-03-25 | |
| CVE-2026-24613 | Not Provided | 2026-01-23 | 2026-04-01 | |
| CVE-2026-4841 | Not Provided | 2026-03-26 | 2026-03-26 | |
| CVE-2025-66109 | Not Provided | 2025-11-21 | 2026-04-01 | |
| CVE-2025-60171 | Not Provided | 2025-09-26 | 2026-04-01 | |
| CVE-2025-52783 | Not Provided | 2025-06-20 | 2026-04-01 | |
| CVE-2025-50008 | Not Provided | 2025-06-20 | 2026-04-01 | |
| CVE-2025-48254 | Not Provided | 2025-05-19 | 2026-04-01 | |
| CVE-2025-48250 | Not Provided | 2025-05-19 | 2026-04-01 | |
| CVE-2025-47608 | Not Provided | 2025-06-09 | 2026-04-01 | |
| CVE-2021-3291 | Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules ... | 7.2 - HIGH | 2021-01-26 | 2021-03-09 |
| CVE-2020-6578 | Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.... | 6.1 - MEDIUM | 2021-03-19 | 2021-03-25 |
| CVE-2017-11675 | The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key ... | 8.8 - HIGH | 2017-07-27 | 2017-08-04 |
| CVE-2017-10667 | In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS. | 6.1 - MEDIUM | 2017-06-29 | 2017-07-03 |
| CVE-2017-8833 | Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's READM... | 6.1 - MEDIUM | 2017-05-08 | 2017-05-30 |
| CVE-2015-8352 | Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via ... | 9.8 - CRITICAL | 2017-08-24 | 2019-05-03 |
| CVE-2015-0882 | Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 ... | 4.3 - MEDIUM | 2015-02-27 | 2017-12-07 |
| CVE-2012-5808 | The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name ... | 5.8 - MEDIUM | 2012-11-04 | 2012-11-05 |
| CVE-2012-5807 | The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's C... | 5.8 - MEDIUM | 2012-11-04 | 2012-11-06 |
| CVE-2012-5806 | The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Co... | 5.8 - MEDIUM | 2012-11-04 | 2012-11-06 |
Known software with vulnerabilities from Zen-cart
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Zen-cart | Zen Cart | - |