Zen Cart 'keyword' parameter SQL Injection and Cross-Site Scripting Vulnerabilities

info
discussion
exploit
solution
references

Zen Cart 'keyword' parameter SQL Injection and Cross-Site Scripting Vulnerabilities

An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice a victim to follow a malicious URI.

The following proof-of-concept URIs are available:

/data/vulnerabilities/exploits/29020.html