Naxtor Shopping Cart lost_passowrd.php email Variable XSS

2005-08-02T05:41:54
ID OSVDB:18498
Type osvdb
Reporter John Cobb(JohnC@NoBytes.com)
Modified 2005-08-02T05:41:54

Description

Vulnerability Description

Naxtor Shopping Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'email' variable upon submission to the 'lost_passowrd.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Naxtor Shopping Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'email' variable upon submission to the 'lost_passowrd.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/lost_passowrd.php?&email=<script>var%20xss=31337;alert(xss);</script>&reset=reset

References:

Vendor URL: http://www.naxtor.com.au/ Security Tracker: 1014613 Secunia Advisory ID:16262 Related OSVDB ID: 18499 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0034.html Keyword: NOBYTES.COM: #8 ISS X-Force ID: 21676 CVE-2005-2476 Bugtraq ID: 14454