
nopCommerce 3.70 Cross Site Scripting

15 Aug 2016 | Reported by Tal Argoni | Type: packetstorm | Source: packetstormsecurity.com

Reflected Cross Site Scripting (XSS) Vulnerability in "successful registration" page of nopCommerce 3.7

Code
`Security Advisory  
CVE-ID: N/A  
Topic: Reflected Cross Site Scripting (XSS) Vulnerability in "successful registration" page  
Class: Input Validation  
Severity: Medium  
Discovery: 2016-04-28  
Vendor Notification: 2016-04-28  
Vendor response: 2016-05-30  
Vendor Patch: 2016-05-31  
Public Announced: 2016-08-15  
Credits: Tal Argoni, CEH from Triad Security [http://www.triadsec.com/]  
Affects: nopCommerce, open-source & free e-commerce solution 3.70  
Resolved: Version 3.8  
  
I. Background  
nopCommerce is an open-source e-commerce shopping cart web application written in MVC.NET. After an anonymous user successfully registers with the application, the application returns a successful registration page with a "continue to the shop" button. The redirection parameter (returnurl) value is supplied by the user and echoed to the browser without output validation.  
  
II. Problem Description  
Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. The injected code is not stored within the application itself; it only impacts users who open a maliciously crafted link or third-party web page. The attack string is included as part of the crafted URI or HTTP parameters, improperly processed by the application, and returned to the victim.  
Exploit code/POC:  
http://VulnopCommerce/registerresult/1?returnurl=%2fcustomer%2finfo'%3balert("hacked+by+triad+security")%3b%2f%2f  
  
III. Impact  
The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.  
  
IV. Workaround  
You can work around this problem by doing the following:  
1. It is recommended to HTML-encode user-supplied data at any point where it is copied into application responses.  
  
V. Solution  
Download vendor patch from http://www.nopcommerce.com .  
Update to version 3.8  
  
VI. References  
http://www.triadsec.com/  
https://www.linkedin.com/in/talargoni  
https://github.com/nopSolutions/nopCommerce/commit/364091c16bae533a6c00c0f3bd920ed15da25f77  
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)  
`
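The workaround in section IV, as an added example in C# (nopCommerce is a .NET application); this is not code from the advisory, from nopCommerce, or from the vendor patch. It assumes the `returnurl` value is written into a single-quoted JavaScript string, as the PoC's `';...;//` shape suggests, so the encoder is chosen for that output context; `IsSafeLocalPath`, `RenderUnsafe` and `RenderSafe` are hypothetical names.

```csharp
using System;
using System.Web; // HttpUtility: System.Web.dll (.NET Framework) or System.Web.HttpUtility (.NET)

static class ReturnUrlDemo
{
    // Hypothetical helper: accept only same-site paths such as "/customer/info".
    static bool IsSafeLocalPath(string url)
    {
        if (string.IsNullOrEmpty(url) || url[0] != '/') return false;
        // "//host" and "/\host" are treated by browsers as another origin.
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        foreach (char c in url)
        {
            bool asciiAlnum = c < 128 && char.IsLetterOrDigit(c);
            if (!asciiAlnum && "/-_.~?=&%".IndexOf(c) < 0)
                return false; // rejects quotes, ';', '(', '<', whitespace, control chars
        }
        return true;
    }

    // Assumed vulnerable pattern: the raw value is written into a quoted JS string.
    static string RenderUnsafe(string returnUrl) =>
        "<script>var next = '" + returnUrl + "';</script>";

    // Hardened: allow-list the target, then encode for the JavaScript string context.
    static string RenderSafe(string returnUrl)
    {
        string target = IsSafeLocalPath(returnUrl) ? returnUrl : "/";
        return "<script>var next = '" + HttpUtility.JavaScriptStringEncode(target) + "';</script>";
    }

    static void Main()
    {
        // Constructed inputs; the second is the decoded returnurl value from the PoC above.
        string[] samples = {
            "/customer/info",
            "/customer/info';alert(\"hacked by triad security\");//",
            "//other-site.example/login"
        };
        foreach (string s in samples)
        {
            Console.WriteLine("input  : " + s);
            Console.WriteLine("unsafe : " + RenderUnsafe(s));
            Console.WriteLine("encoded: " + HttpUtility.JavaScriptStringEncode(s));
            Console.WriteLine("safe   : " + RenderSafe(s));
        }
    }
}
```

With the PoC value, the unsafe rendering closes the string literal early, while the safe rendering rejects the value and falls back to `/`.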
