Known Vulnerabilities for products from Zen-cart

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zen-cart".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-53787 json Not Provided 2026-06-12 2026-06-12
CVE-2026-48868 json Not Provided 2026-06-15 2026-06-15
CVE-2026-46408 json Not Provided 2026-05-15 2026-05-15
CVE-2026-44826 json Not Provided 2026-05-15 2026-05-15
CVE-2026-42839 json Not Provided 2026-06-03 2026-06-03
CVE-2026-42776 json Not Provided 2026-05-25 2026-05-26
CVE-2026-40098 json Not Provided 2026-04-20 2026-04-20
CVE-2026-39564 json Not Provided 2026-04-08 2026-04-14
CVE-2026-39470 json Not Provided 2026-06-15 2026-06-15
CVE-2026-24613 json Not Provided 2026-01-23 2026-04-28
CVE-2021-3291 json Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules ... 7.2 - HIGH 2021-01-26 2021-03-09
CVE-2020-6578 json Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.... 6.1 - MEDIUM 2021-03-19 2021-03-25
CVE-2017-11675 json The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key ... Not Provided 2017-07-27 2025-04-20
CVE-2017-10667 json In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS. Not Provided 2017-06-29 2025-04-20
CVE-2017-8833 json Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's READM... Not Provided 2017-05-08 2025-04-20
CVE-2015-8352 json Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via ... 9.8 - CRITICAL 2017-08-24 2019-05-03
CVE-2015-0882 json Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 ... Not Provided 2015-02-27 2026-05-06
CVE-2012-5808 json The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name ... Not Provided 2012-11-04 2026-04-29
CVE-2012-5807 json The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's C... Not Provided 2012-11-04 2026-04-29
CVE-2012-5806 json The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Co... Not Provided 2012-11-04 2026-04-29
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Zen-cart

Type Vendor Product Version
ApplicationZen-cartZen Cart-
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report