Unrated severityNVD Advisory· Published Feb 27, 2015· Updated May 6, 2026

CVE-2015-0882

Description

Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php and includes/init_includes/init_sanitize.php.

Affected products

Zen Cart/Zen Cart5 versions
cpe:2.3:a:zen-cart:zen_cart:1.3.0.0:*:*:ja:*:*:*:*+ 4 more
- cpe:2.3:a:zen-cart:zen_cart:1.3.0.0:*:*:ja:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.3.0.1:*:*:ja:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.3.0.2:*:*:ja:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.5.0:*:*:ja:*:*:*:*
- cpe:2.3:a:zen-cart:zen_cart:1.5.1:*:*:ja:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/en/jp/JVN44544694/281242/index.htmlnvdThird Party AdvisoryVDB Entry
jvn.jp/en/jp/JVN44544694/index.htmlnvdThird Party AdvisoryVDB Entry
jvndb.jvn.jp/jvndb/JVNDB-2015-000027nvdThird Party AdvisoryVDB Entry
github.com/zencart-ja/zc-v1-series/commit/022949bd09444d7e58703cc537dbbd5744c381b8nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000