Cross-site Scripting (XSS) Vulnerability in WP e-Commerce

2011-07-13T00:00:00
ID HTB23031
Type htbridge
Reporter High-Tech Bridge
Modified 2011-07-13T00:00:00

Description

High-Tech Bridge SA Security Research Lab has discovered a vulnerability in WP e-Commerce which can be exploited to perform cross-site scripting attacks.

1) Cross-site scripting (XSS) vulnerability in WP e-Commerce
Input passed via the cart_messages[] parameter to /wp-content/plugins/wp-e-commerce/wpsc-theme/wpsc-cart_widget.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser in the context of an affected website.
Exploitation example:
http://[host]/wp-content/plugins/wp-e-commerce/wpsc-theme/wpsc-cart_widget.php?cart_messages[]=%3Cimg%20src=1%20onerror=javascript:alert%28document.cookie%29%3E
Successful exploitation of the vulnerability requires that "register_globals" is enabled.
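
For defenders reviewing web server logs, the following added example (not part of the High-Tech Bridge advisory or the plugin's code) flags direct requests to the widget script whose cart_messages values contain markup after URL decoding. It assumes common/combined access log format; the function names, the markup pattern and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script path named in the advisory; a theme template, not a normal entry point.
WIDGET_PATH = "/wp-content/plugins/wp-e-commerce/wpsc-theme/wpsc-cart_widget.php"
# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markup indicators, matched after URL decoding.
MARKUP_RE = re.compile(r"[<>\"']|\bon\w+\s*=|javascript:", re.IGNORECASE)


def suspicious_cart_messages(line):
    """Return decoded cart_messages values that carry markup, else []."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if unquote(url.path).lower() != WIDGET_PATH:
        return []
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        # cart_messages[], cart_messages[0], ... all populate the same array.
        if name.split("[", 1)[0] == "cart_messages" and MARKUP_RE.search(value):
            hits.append(value)
    return hits


# Constructed sample log lines (documentation IP addresses, made-up timestamps).
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Jul/2011:09:01:11 +0000] "GET /?p=12 HTTP/1.1" 200 8123',
    '203.0.113.5 - - [13/Jul/2011:09:02:40 +0000] "GET /wp-content/plugins/'
    'wp-e-commerce/wpsc-theme/wpsc-cart_widget.php?cart_messages%5B0%5D=Item+added'
    ' HTTP/1.1" 200 310',
    '203.0.113.5 - - [13/Jul/2011:09:02:58 +0000] "GET /wp-content/plugins/'
    'wp-e-commerce/wpsc-theme/wpsc-cart_widget.php?cart_messages[]=%3Cimg%20src=1'
    '%20onerror=javascript:alert%28document.cookie%29%3E HTTP/1.1" 200 402',
]


def scan(lines):
    """Map line index -> flagged values for every line with a hit."""
    return {i: v for i, line in enumerate(lines) if (v := suspicious_cart_messages(line))}


if __name__ == "__main__":
    for index, values in scan(SAMPLE_LOG).items():
        print(f"line {index}: {values}")
```

Only the query string is inspected, so values sent in a POST body or cookie do not appear in this kind of log and need a different data source.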