Known Vulnerabilities for products from Zen-cart
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zen-cart".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40098 | Not Provided | 2026-04-20 | 2026-04-20 | |
| CVE-2026-39564 | Not Provided | 2026-04-08 | 2026-04-14 | |
| CVE-2026-32526 | Not Provided | 2026-03-25 | 2026-03-25 | |
| CVE-2026-24613 | Not Provided | 2026-01-23 | 2026-04-01 | |
| CVE-2026-6370 | Not Provided | 2026-04-15 | 2026-04-16 | |
| CVE-2026-4841 | Not Provided | 2026-03-26 | 2026-03-26 | |
| CVE-2026-4090 | Not Provided | 2026-04-22 | 2026-04-22 | |
| CVE-2026-3599 | Not Provided | 2026-04-16 | 2026-04-16 | |
| CVE-2026-2838 | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2026-0552 | Not Provided | 2026-04-04 | 2026-04-06 | |
| CVE-2021-3291 | Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules ... | 7.2 - HIGH | 2021-01-26 | 2021-03-09 |
| CVE-2020-6578 | Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.... | 6.1 - MEDIUM | 2021-03-19 | 2021-03-25 |
| CVE-2017-11675 | The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key ... | 8.8 - HIGH | 2017-07-27 | 2017-08-04 |
| CVE-2017-10667 | In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS. | 6.1 - MEDIUM | 2017-06-29 | 2017-07-03 |
| CVE-2017-8833 | Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's READM... | 6.1 - MEDIUM | 2017-05-08 | 2017-05-30 |
| CVE-2015-8352 | Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via ... | 9.8 - CRITICAL | 2017-08-24 | 2019-05-03 |
| CVE-2015-0882 | Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 ... | 4.3 - MEDIUM | 2015-02-27 | 2017-12-07 |
| CVE-2012-5808 | The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name ... | 5.8 - MEDIUM | 2012-11-04 | 2012-11-05 |
| CVE-2012-5807 | The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's C... | 5.8 - MEDIUM | 2012-11-04 | 2012-11-06 |
| CVE-2012-5806 | The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Co... | 5.8 - MEDIUM | 2012-11-04 | 2012-11-06 |
Known software with vulnerabilities from Zen-cart
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Zen-cart | Zen Cart | - |