JShop E-Commerce Suite Product.PHP Cross-Site Scripting Vulnerability

Bugtraq ID:	12403
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 31 2005 12:00AM
Updated:	Jan 31 2005 12:00AM
Credit:	Discovery is credited to SmOk3 <[email protected]>.
Vulnerable:	JShop E-Commerce JShop Server 1.2
Not Vulnerable:

JShop E-Commerce Suite Product.PHP Cross-Site Scripting Vulnerability

JShop E-Commerce Suite is affected by a cross-site scripting vulnerability in the 'product.php' script.

As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

JShop E-Commerce Suite Product.PHP Cross-Site Scripting Vulnerability

No exploit is required.

The following proof of concepts were provided:
product.php?xSec=1&xProd=7"><script>alert(document.domain);</script>

product.php?xSec=1"><script>alert(document.domain);</script>&xProd=7

JShop E-Commerce Suite Product.PHP Cross-Site Scripting Vulnerability

Solution:
This issue was reportedly fixed in JShop Server 1.3.0, however, this has not been confirmed by Symantec. Users are advised to contact the vendor to obtain fixes.

JShop E-Commerce Suite Product.PHP Cross-Site Scripting Vulnerability

References:

• JShop E-Commerce Homepage (JShop E-Commerce)
  
• JShop Server SS#27012005 (SystemSecure.org)