X-Cart contains multiple vulnerabilities

2015-04-02T00:00:00
ID VU:924124
Type cert
Reporter CERT
Modified 2015-04-02T15:47:00

Description

Overview

X-Cart versions 5.1.6 through 5.1.10 are vulnerable to cross-site scripting (XSS), and versions 5.1.10 and below are vulnerable to authorization bypass.

Description

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2015-0950

X-Cart versions 5.1.6 through 5.1.10 contain a reflected cross-site scripting (XSS) vulnerability. An attacker can inject arbitrary script via the "substring" query string parameter in admin.php.

CWE-639: Authorization Bypass Through User-Controlled Key - CVE-2015-0951

X-Cart versions 5.1.10 and below contain an insecure direct object reference vulnerability. An attacker can obtain or delete address data associated with other user accounts by manipulating parameters in requests to update or remove addresses. The CVSS score below reflects this issue.
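
As an added illustration (not X-Cart's code and not part of the original advisory), the following sketch models the CWE-639 pattern with an in-memory SQLite table: one handler trusts the client-supplied address id alone, while the others also bind the statement to the authenticated session's account. The table, column and function names and the sample rows are hypothetical.

```python
import logging
import sqlite3

log = logging.getLogger("address_authz")

def make_db():
    """Constructed sample data: two accounts (100 and 200), one address each."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE addresses ("
               "id INTEGER PRIMARY KEY, profile_id INTEGER, street TEXT)")
    db.executemany("INSERT INTO addresses VALUES (?, ?, ?)",
                   [(1, 100, "1 Alice Way"), (2, 200, "2 Bob Road")])
    return db

def remaining_ids(db):
    """Helper for checks: ids of all address rows still present."""
    return [r[0] for r in db.execute("SELECT id FROM addresses ORDER BY id")]

def delete_address_vulnerable(db, session_profile_id, address_id):
    """CWE-639 pattern: the user-controlled key alone selects the row;
    the session identity is never consulted."""
    cur = db.execute("DELETE FROM addresses WHERE id = ?", (address_id,))
    return cur.rowcount == 1

def delete_address_checked(db, session_profile_id, address_id):
    """Hardened form: ownership is part of the statement, so a foreign
    id matches zero rows. Denials are logged as a detection signal."""
    cur = db.execute(
        "DELETE FROM addresses WHERE id = ? AND profile_id = ?",
        (address_id, session_profile_id))
    if cur.rowcount != 1:
        log.warning("address delete denied: profile=%s address_id=%s",
                    session_profile_id, address_id)
        return False
    return True

def get_address_checked(db, session_profile_id, address_id):
    """Read path with the same owner binding; returns None when the
    address does not exist or belongs to another account."""
    row = db.execute(
        "SELECT street FROM addresses WHERE id = ? AND profile_id = ?",
        (address_id, session_profile_id)).fetchone()
    return row[0] if row else None
```

Returning the same result for "not found" and "not yours" avoids confirming which address ids exist on other accounts.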


Impact

A remote, unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session. A remote, authenticated attacker may be able to obtain or remove data associated with other users' accounts.


Solution

Apply an update

The vendor has released X-Cart 5.1.11 to address the vulnerabilities. Users are advised to upgrade.


Vendor Information


X-Cart: Affected

Notified: February 03, 2015 Updated: April 02, 2015

Statement Date: February 26, 2015

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

  • <https://blog.x-cart.com/5-1-11-released.html>

Addendum

X-Cart versions 5.1.6 through 5.1.10 are vulnerable to cross-site scripting (XSS), and versions 5.1.10 and below are vulnerable to authorization bypass through insecure direct object reference.


CVSS Metrics

Group | Score | Vector
---|---|---
Base | 6.5 | AV:N/AC:L/Au:S/C:P/I:P/A:P
Temporal | 4.8 | E:POC/RL:OF/RC:UR
Environmental | 3.6 | CDP:N/TD:M/CR:ND/IR:ND/AR:ND

References

  • <http://www.x-cart.com/>
  • <https://blog.x-cart.com/5-1-11-released.html>
  • <http://cwe.mitre.org/data/definitions/79.html>
  • <http://cwe.mitre.org/data/definitions/639.html>

Acknowledgements

Thanks to Yasser Ali for reporting this vulnerability.

This document was written by Joel Land.

Other Information

CVE IDs: | CVE-2015-0950, CVE-2015-0951
---|---
Date Public: | 2015-04-02
Date First Published: | 2015-04-02
Date Last Updated: | 2015-04-02 15:47 UTC
Document Revision: | 13