ShopXS v4.0 XSS vuln.

2006-04-11T00:00:00
ID SECURITYVULNS:DOC:12152
Type securityvulns
Reporter Securityvulns
Modified 2006-04-11T00:00:00

Description

Vuln. discovered by: r0t
Date: 10 April 2006
Vendor: MK Internet-Service GmbH
Vendor link: http://www.shopxs.de/
Affected versions: ShopXS-Version 4.00 and previous
Original advisory: http://pridels.blogspot.com/2006/04/shopxs-v40-xss-vuln_10.html

Vuln. Description:

Input passed to the search module field parameter when performing a search isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Solution: Edit the source code to ensure that input is properly sanitised.
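
One way to apply the fix described above, as an added example that is not ShopXS source code and not part of the original advisory: a search page that echoes the term into three output contexts, unencoded and then encoded per context. The field name `q`, the page layout and all function names are assumptions.

```python
# Added example (not ShopXS code). The field name "q" and the page
# layout are assumptions made for illustration.
from html import escape
from urllib.parse import quote


def render_search_vulnerable(term: str) -> str:
    """'Before' form: the search term is pasted into the page unmodified."""
    return (
        f'<input name="q" value="{term}">\n'
        f'<p>Results for: {term}</p>\n'
        f'<a href="/search?q={term}&page=2">next</a>'
    )


def render_search_hardened(term: str) -> str:
    """Encode the search term for each output context it lands in."""
    attr = escape(term, quote=True)    # attribute value: & < > " ' encoded
    body = escape(term, quote=False)   # element text: & < > encoded
    # URL parameter: percent-encode first, then HTML-encode for the href.
    url = escape(quote(term, safe=""), quote=True)
    return (
        f'<input name="q" value="{attr}">\n'
        f'<p>Results for: {body}</p>\n'
        f'<a href="/search?q={url}&amp;page=2">next</a>'
    )


# Constructed sample input: markup characters that must come back inert.
SAMPLE = '"><b>x</b>'


def markup_survives(page: str) -> bool:
    """True if the sample's tag reached the page as live markup."""
    return "<b>" in page


if __name__ == "__main__":
    print("vulnerable page keeps markup:",
          markup_survives(render_search_vulnerable(SAMPLE)))
    print("hardened page keeps markup:  ",
          markup_survives(render_search_hardened(SAMPLE)))
    print(render_search_hardened(SAMPLE))
```

The same check works as a regression test: send a term containing markup characters and assert that the response contains only the encoded form.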

Greetings to: der4444,xaPridel,cembo,g0df4th3r, waraxe,FrozenEye,str0ke,RaZbh,rst team,nst team, Minsk,:[PsiHOdelik]:,damrai,UFoloG,verified team, clanger,Hello_its_me,johnco,Txuri,The Cracker, mag2000,fredrau,owen and to all X-ACCESS team!

More information @ unsecured-systems.com/forum/