Lucene search
+L

JShop XSS Vulnerability

🗓️ 03 Nov 2005 00:00:00Reported by Copyright (C) 2004 Noam RathausType 
openvas
 openvas
🔗 plugins.openvas.org👁 29 Views

JShop XSS Vulnerability, allows malicious JavaScript executio

Related
Refs
Code
ReporterTitlePublishedViews
Family
CVE
CVE-2004-2084
19 May 200504:00
cve
Cvelist
CVE-2004-2084
19 May 200504:00
cvelist
Exploit DB
JShop E-Commerce Suite xSearch Cross-Site Scripting Vulnerability
9 Feb 200400:00
exploitdb
EUVD
EUVD-2004-2076
7 Oct 202500:30
euvd
NVD
CVE-2004-2084
7 Feb 200405:00
nvd
# SPDX-FileCopyrightText: 2004 Noam Rathaus
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.14352");
  script_version("2023-12-13T05:05:23+0000");
  script_tag(name:"last_modification", value:"2023-12-13 05:05:23 +0000 (Wed, 13 Dec 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_cve_id("CVE-2004-2084");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/11003");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/12403");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/9609");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_name("JShop XSS Vulnerability");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2004 Noam Rathaus");
  script_family("Web application abuses");
  script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl", "DDI_Directory_Scanner.nasl", "gb_php_http_detect.nasl", "cross_site_scripting.nasl", "global_settings.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");

  script_tag(name:"solution", value:"Upgrade to the latest version of this software");

  script_tag(name:"summary", value:"J-Shop is prone to a cross-site scripting (XSS) vulnerability.");

  script_tag(name:"insight", value:"The remote version of this software is vulnerable to an XSS
  attack. An attacker can exploit it by compromising the parameters to the files help.php and/or
  search.php.");

  script_tag(name:"impact", value:"This can be used to take advantage of the trust between a client and server
  allowing the malicious user to execute malicious JavaScript on the client's machine.");

  script_tag(name:"qod", value:"50"); # Prone to false positives
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");

port = http_get_port( default:80 );
if( ! http_can_host_php( port:port ) ) exit( 0 );

host = http_host_name( dont_add_port:TRUE );
if( http_get_has_generic_xss( port:port, host:host ) ) exit( 0 );

foreach dir( make_list_unique( "/", http_cgi_dirs( port:port ) ) ) {

  if( dir == "/" ) dir = "";
  url = dir + "/page.php?xPage=<script>alert(document.cookie)</script>";

  if( http_vuln_check( port:port, url:url, check_header:TRUE, pattern:"<script>alert\(document.cookie\)</script>" ) ) {
    report = http_report_vuln_url( port:port, url:url );
    security_message( port:port, data:report );
    exit( 0 );
  }
}

exit( 99 );

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

13 Dec 2023 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 24.3
EPSS0.01398
29