X-Cart Gold product.php Multiple Variable XSS

2005-05-30T10:18:27
ID OSVDB:16937
Type osvdb
Reporter CENSORED(censored@mail.ru)
Modified 2005-05-30T10:18:27

Description

Vulnerability Description

X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'productid' or 'mode' variables upon submission to the product.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 4.0.12 or higher, as it has been reported to fix this vulnerability. In addition, Qualiteam Corporation has released a patch for some older versions.

Short Description

X-Cart Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'productid' or 'mode' variables upon submission to the product.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/product.php?productid='><script>alert(document.cookie)</script> http://[victim]/product.php?mode='><script>alert(document.cookie)</script>

References:

Vendor URL: http://www.x-cart.com/ Security Tracker: 1014077 Secunia Advisory ID:15555 Related OSVDB ID: 16938 Related OSVDB ID: 16940 Related OSVDB ID: 16942 Related OSVDB ID: 16943 Related OSVDB ID: 16944 Related OSVDB ID: 16936 Related OSVDB ID: 16939 Related OSVDB ID: 16941 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0340.html ISS X-Force ID: 20774 CVE-2005-1823 Bugtraq ID: 13817