| Título | osCommerce ltd. osCommerce 4 cross site scripting |
|---|
| Descripción | Hi,
While testing osCommerce ltd. program i came across a vulnerable to RXSS on /b2b-supermarket/catalog/all-products via keywords parameter
source: https://demo.oscommerce.com/b2b-supermarket/catalog/all-products?keywords=%27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E
Impact:
Attackers can execute scripts in a victim’s browser to hijack user sessions, deface web sites, insert hostile content, redirect users, hijack the user’s browser using malware, etc.
|
|---|
| Fuente | ⚠️ https://github.com/osCommerce/osCommerce-V4 |
|---|
| Usuario | xfwang (UID 59005) |
|---|
| Sumisión | 2023-11-26 11:42 (hace 3 años) |
|---|
| Moderación | 2023-12-08 09:03 (12 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 247245 [osCommerce 4 all-products keywords secuencias de comandos en sitios cruzados] |
|---|
| Puntos | 20 |
|---|