Submit #243620: osCommerce ltd. osCommerce 4 cross site scriptinginfo

TitelosCommerce ltd. osCommerce 4 cross site scripting
BeschreibungHi, While testing osCommerce ltd. program i came across a vulnerable to RXSS on /b2b-supermarket/catalog/all-products via keywords parameter source: https://demo.oscommerce.com/b2b-supermarket/catalog/all-products?keywords=%27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E Impact: Attackers can execute scripts in a victim’s browser to hijack user sessions, deface web sites, insert hostile content, redirect users, hijack the user’s browser using malware, etc.
Quelle⚠️ https://github.com/osCommerce/osCommerce-V4
Benutzer
 xfwang (UID 59005)
Einreichung26.11.2023 11:42 (vor 3 Jahren)
Moderieren08.12.2023 09:03 (12 days later)
StatusAkzeptiert
VulDB Eintrag247245 [osCommerce 4 all-products keywords Cross Site Scripting]
Punkte20

ZurückÜbersichtWeiter

Want to know what is going to be exploited?

We predict KEV entries!