osCommerce osCsid Parameter XSS

2003-12-18T07:09:18
ID OSVDB:3074
Type osvdb
Reporter OSVDB
Modified 2003-12-18T07:09:18

Description

Vulnerability Description

osCommerce contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the osCsid variable upon submission. This could allow an attacker to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
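The flaw class described above, shown beside a validated and encoded form. This is an added example, not osCommerce code and not the vendor's fix; the function names and the assumed token format (16 to 64 alphanumeric characters) are hypothetical.

```php
<?php
// Added example; not osCommerce code. Function names and token format are assumptions.
declare(strict_types=1);

const SESSION_PARAM = 'osCsid';

// Flaw class from the advisory: the parameter is copied into markup unchecked.
function link_unsafe(string $page, array $query): string
{
    $sid = $query[SESSION_PARAM] ?? '';
    return '<a href="' . $page . '?' . SESSION_PARAM . '=' . $sid . '">continue</a>';
}

// Accept the value only if it looks like a session token
// (assumed format: 16-64 alphanumeric characters).
function clean_session_id(array $query): ?string
{
    $raw = $query[SESSION_PARAM] ?? null;
    if (!is_string($raw) || preg_match('/\A[A-Za-z0-9]{16,64}\z/', $raw) !== 1) {
        return null; // missing, array-valued (osCsid[]=...), or has other characters
    }
    return $raw;
}

// Build the link from the validated id, then encode for the HTML attribute context.
function link_safe(string $page, array $query): string
{
    $sid = clean_session_id($query);
    $url = $sid === null
        ? $page
        : $page . '?' . http_build_query([SESSION_PARAM => $sid]);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">continue</a>';
}

// Constructed inputs: a well-formed id and the test string from this advisory.
$samples = [
    'valid'    => ['osCsid' => 'a3f09c1b7d2e4f5a8b6c0d1e2f3a4b5c'],
    'advisory' => ['osCsid' => '"><malicious_code>'],
];
foreach ($samples as $name => $query) {
    echo $name, "\n  unsafe: ", link_unsafe('index.php', $query),
         "\n  safe:   ", link_safe('index.php', $query), "\n";
}
```

For the advisory's test string, the unchecked version emits markup in which the quote closes the href attribute early, while the validated version drops the parameter and emits a plain link to index.php.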

Solution Description

Upgrade to version osCommerce 2.2 Milestone 3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/?osCsid="><malicious_code>

References:

Vendor URL: http://www.oscommerce.com/downloads/snapshot
Vendor Specific Advisory URL
Secunia Advisory ID: 10457
Nessus Plugin ID: 11958
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-12/0256.html
ISS X-Force ID: 14025
CVE-2003-1219
Bugtraq ID: 9238