| Título | osCommerce ltd. osCommerce 4 cross site scripting |
|---|
| Descrição | Hi,
While testing osCommerce ltd. program i came across a vulnerable to RXSS on /b2b-supermarket/catalog/all-products via keywords parameter
source: https://demo.oscommerce.com/b2b-supermarket/catalog/all-products?keywords=%27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E
Impact:
Attackers can execute scripts in a victim’s browser to hijack user sessions, deface web sites, insert hostile content, redirect users, hijack the user’s browser using malware, etc.
|
|---|
| Fonte | ⚠️ https://github.com/osCommerce/osCommerce-V4 |
|---|
| Utilizador | xfwang (UID 59005) |
|---|
| Submissão | 26/11/2023 11h42 (há 3 anos) |
|---|
| Moderação | 08/12/2023 09h03 (12 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 247245 [osCommerce 4 all-products keywords Script de Site Cruzado] |
|---|
| Pontos | 20 |
|---|