ISS X-Force Database: oscommerce-multiple-scripts-xss(11590): osCommerce multiple scripts cross-site scripting

osCommerce multiple scripts cross-site scripting

oscommerce-multiple-scripts-xss (11590)

Medium Risk

Description:

osCommerce is vulnerable to cross-site scripting. A remote attacker could create a specially-crafted URL link containing embedded script to the error_message.php, info_message or checkout_payment.php script, which would be executed in a victim's Web browswer within the security context of the hosting site, once the link is clicked or to the account_history_info.php or to the checkout_confirmation.php script, which would be executed in a victim's Web browswer within the security context of the hosting site, once the order is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials or launch further attacks against the affected server.

Platforms Affected:

osCommerce, osCommerce 2.2ms1 and prior

Remedy:

Apply the latest CVS snapshot release (2.2-CVS or later), available from the iProyectos Web site. See References.

Consequences:

Gain Access

References:

BugTraq Mailing List, Thu Mar 20 2003 - 09:54:43 CST , [IPS] osCommerce multiple XSS vulnerabilities at http://archives.neohapsis.com/archives/bugtraq/2003-03/0301.html.
iProyectos Web site, �reas de negocio at http://www.iproyectos.com.
osCommerce Web site, osCommerce, Open Source E-Commerce Solutions at http://www.oscommerce.com/solutions/oscommerce.
osCommerce Web site, osCommerce, Open Source E-Commerce Solutions at http://www.oscommerce.com/community/bugs/action,search/where,bugs/search,cross/status,ALL.
BID-7151: OSCommerce Error_Message Cross-Site Scripting Vulnerability
BID-7153: OSCommerce Info_Message Cross-Site Scripting Vulnerability
BID-7155: OSCommerce Checkout_Payment.PHP Error Output Cross-Site Scripting Vulnerability
BID-7156: OSCommerce Account_History_Info.PHP HTML code injection Vulnerability
BID-7158: OSCommerce Checkout_Confirmation.PHP Comment HTML Injection Vulnerability

Reported:

Mar 20, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page