| Titolo | nopCommerce up to 4.2.0 News and Blog Stored Cross Site Scripting (XSS) |
|---|
| Descrizione | The application does not consistently validate client side input, and as a result of this it was identified that the web application was vulnerable to Stored Cross-Site Scripting.
The affected functionality is the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs. CWE classifies this vulnerability as CWE-79. The issue is know to affect confidentiality and integrity. The issue has not been assigned a CVE ID yet.
The issue was discovered by Alessandro Magnosi (d3adc0de) on 12/04/2019. The exploitability is told to be easy. It is possible to launch the attack remotely. A single authentication is necessary for exploitation. Technical details are known as well as a proof-of-concept payload, but no real exploit has been released.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
It should be noted that the vulnerability has been found within an HTML content editor, which is naturally more affected by this kind of vulnerability, as the user can directly control the HTML structure of the page. The vendor reported the issue to be a “feature”. However, it was possible to note that a great effort had been made in order to avoid Cross-Site-Scripting, so it was chosen to classify that as an issue.
|
|---|
| Fonte | ⚠️ https://github.com/klezVirus/cves/tree/master/NopCommerce/Cross-Site-Scripting |
|---|
| Utente | Anonymous User |
|---|
| Sottomissione | 06/12/2019 17:55 (7 anni fa) |
|---|
| Moderazione | 10/12/2019 09:01 (4 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 146824 [Nop Solution Ltd nopCommerce fino a 4.20 NewsController.cs SaveStoreMappings HTML Content cross site scripting] |
|---|
| Punti | 20 |
|---|