CartWIZ multiple scripts cross-site scripting

cartwiz-multiple-script-xss (20249) The risk level is classified as MediumMedium Risk

Description:

CartWIZ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could create a specially-crafted URL to the tellAFriend.asp script or to the addToWishlist.asp script containing embedded code in the idProduct parameter, to the access.asp script or to the login.asp script containing embedded code in the redirect parameter, to the error.asp script or to the login.asp script containing embedded code in the message parameter, to the searchResults.asp script containing embedded code in the sku parameter or the name parameter, which, once the URL is clicked, would be executed in the victim's Web browser within the security context of the hosting site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Platforms Affected:

  • Elemental Software, CartWIZ

Remedy:

No remedy available as of June 27, 2009.

Consequences:

Gain Access

References:

  • BugTraq Mailing List, Sat Apr 23 2005 - 20:26:56 CDT, Multiple Sql injection and XSS in CartWIZ ASP Cart at http://archives.neohapsis.com/archives/bugtraq/2005-04/0385.html.
  • CartWIZ Web site, CartWIZ is the Easy-to-Use ASP Shopping Cart Software Suite. Build your Online Store Today! at http://www.cartwiz.com/.
  • BID-13336: CartWIZ TellAFriend.ASP Cross-Site Scripting Vulnerability
  • BID-13337: CartWIZ AddToWishlist.ASP Cross-Site Scripting Vulnerability
  • BID-13338: CartWIZ Access.ASP Cross-Site Scripting Vulnerability
  • BID-13339: CartWIZ Error.ASP Cross-Site Scripting Vulnerability
  • BID-13340: CartWIZ Login.ASP Redirect Argument Cross-Site Scripting Vulnerability
  • BID-13341: CartWIZ Login.ASP Message Argument Cross-Site Scripting Vulnerability
  • BID-13342: CartWIZ SearchResults.ASP SKU Argument Cross-Site Scripting Vulnerability
  • BID-13343: CartWIZ SearchResults.ASP Name Argument Cross-Site Scripting Vulnerability
  • CVE-2005-1292: Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp.
  • CVE-2005-2207: Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter.
  • OSVDB ID: 15775: CartWIZ tellAFriend.asp idProduct Variable XSS
  • OSVDB ID: 15776: CartWIZ addToWishlist.asp idProduct Variable XSS
  • OSVDB ID: 15777: CartWIZ access.asp redirect Variable XSS
  • OSVDB ID: 15778: CartWIZ error.asp message Variable XSS
  • OSVDB ID: 15780: CartWIZ searchResults.asp Multiple Variable XSS
  • SA15055: CartWIZ Cross-Site Scripting and SQL Injection Vulnerabilities
  • SECTRACK ID: 1013792: CartWIZ Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks
  • SECTRACK ID: 1014418: CartWIZ Input Validation Holes in `id`, `idProduct`, `sortType`, and `message` Parameters Permit SQL Injection and Cross-Site Scripting Attacks

Reported:

Apr 25, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page