제출 #243620: osCommerce ltd. osCommerce 4 cross site scripting정보

제목osCommerce ltd. osCommerce 4 cross site scripting
설명Hi, While testing osCommerce ltd. program i came across a vulnerable to RXSS on /b2b-supermarket/catalog/all-products via keywords parameter source: https://demo.oscommerce.com/b2b-supermarket/catalog/all-products?keywords=%27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E Impact: Attackers can execute scripts in a victim’s browser to hijack user sessions, deface web sites, insert hostile content, redirect users, hijack the user’s browser using malware, etc.
원천⚠️ https://github.com/osCommerce/osCommerce-V4
사용자
 xfwang (UID 59005)
제출2023. 11. 26. AM 11:42 (3 연령 ago)
모더레이션2023. 12. 08. AM 09:03 (12 days later)
상태수락
VulDB 항목247245 [osCommerce 4 all-products keywords 크로스 사이트 스크립팅]
포인트들20

이전개요다음

Might our Artificial Intelligence support you?

Check our Alexa App!