Comersus ASP Shopping Cart comersus_message.asp message Variable XSS

2004-08-02T08:56:30
ID OSVDB:8283
Type osvdb
Reporter Abdul Azis (az001@plasa.com)
Modified 2004-08-02T08:56:30

Description

Vulnerability Description

Comersus Shopping Cart contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the input passed to the "message" parameter of comersus_message.asp before echoing it back to the user. A remote attacker could craft a URL that, when visited, executes arbitrary script in the victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Technical Description

http://www.target.net/comersus/store/comersus_message.asp?message=<h4>VULNERABLE</h4>
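The reflection pattern behind this record, written as an added illustration in Classic ASP; it is a hypothetical reconstruction, not Comersus' own source, and assumes the page writes the query-string value into an HTML text context:

```vbscript
<%@ Language=VBScript %>
<% Option Explicit %>
<%
' Hypothetical reconstruction of the "message" reflection (not the vendor's code).
Dim msg
msg = Request.QueryString("message")

' Vulnerable form: the raw parameter is written into the page, so a value such
' as <h4>VULNERABLE</h4> is rendered as markup, and a script payload would run.
' Response.Write "<p>" & msg & "</p>"

' Hardened form: encode for the HTML text context before it reaches the browser.
' Server.HTMLEncode turns <, >, &, and " into entities, so the same input is
' displayed literally as &lt;h4&gt;VULNERABLE&lt;/h4&gt; instead of being parsed.
Response.Write "<p>" & Server.HTMLEncode(msg) & "</p>"
%>
```

Server.HTMLEncode covers only an HTML text context; a value placed inside an attribute, a URL, or a script block needs encoding appropriate to that context.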

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.comersus.org
Secunia Advisory ID: 12183
Related OSVDB ID: 8284
Related OSVDB ID: 8285
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1142.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0005.html