| Title | osCommerce ltd. osCommerce 4 cross site scripting |
|---|
| Description | Hi,
While testing osCommerce ltd. program i came across a vulnerable to RXSS on /b2b-supermarket/catalog/all-products via keywords parameter
source: https://demo.oscommerce.com/b2b-supermarket/catalog/all-products?keywords=%27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E
Impact:
Attackers can execute scripts in a victim’s browser to hijack user sessions, deface web sites, insert hostile content, redirect users, hijack the user’s browser using malware, etc.
|
|---|
| Source | ⚠️ https://github.com/osCommerce/osCommerce-V4 |
|---|
| User | xfwang (UID 59005) |
|---|
| Submission | 11/26/2023 11:42 (3 years ago) |
|---|
| Moderation | 12/08/2023 09:03 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 247245 [osCommerce 4 all-products keywords cross site scripting] |
|---|
| Points | 20 |
|---|