Comersus Cart Comersus_Search_Item.ASP Cross-Site Scripting Vulnerability
BID:13125
Info
| Bugtraq ID: | 13125 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 12 2005 12:00AM |
| Updated: | Apr 12 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Lostmon. |
| Vulnerable: | Comersus Open Technologies Comersus Cart 5.0 991; Comersus Open Technologies Comersus Cart 5.0 98; Comersus Open Technologies Comersus Cart 5.0 9; Comersus Open Technologies Comersus Cart 4.0 x |
| Not Vulnerable: | Comersus Open Technologies Comersus Cart 6.0 |
Discussion
Comersus Cart is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly validate user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Exploit / POC
No exploit is required.
The following proof of concept is available:
http://www.example.com/store/comersus_searchItem.asp?strSearch=0&curPage=2">%3Cscript%3Ealert(document.cookie)%3C/script%3E
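A log check for the request pattern in the proof of concept above, added here as an example and not part of the original advisory: it flags requests to comersus_searchItem.asp whose curPage value is not a plain integer. The log lines are constructed, and treating curPage as numeric-only is an assumption drawn from the `curPage=2` in the proof of concept.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format); not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Apr/2005:10:00:01 +0000] '
    '"GET /store/comersus_searchItem.asp?strSearch=0&curPage=2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Apr/2005:10:00:07 +0000] '
    '"GET /store/comersus_searchItem.asp?strSearch=0&curPage=2%22%3E%3Cscript%3E'
    'alert(document.cookie)%3C/script%3E HTTP/1.1" 200 5301',
    '203.0.113.5 - - [12/Apr/2005:10:00:09 +0000] '
    '"GET /store/other.asp?curPage=x HTTP/1.1" 200 100',  # different page: ignored
    '203.0.113.7 - - [12/Apr/2005:10:00:12 +0000] '
    '"GET /store/COMERSUS_SEARCHITEM.ASP?CURPAGE=abc HTTP/1.1" 200 5120',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET = "comersus_searchitem.asp"   # IIS paths are case-insensitive
PAGE_NUMBER = re.compile(r"[0-9]{1,6}")  # assumption: curPage is a small integer


def suspicious_curpage(log_line):
    """Return the decoded curPage value if it is not a plain integer, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/" + TARGET):
        return None
    # parse_qsl percent-decodes, so encoded and raw markup compare the same way.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() == "curpage" and not PAGE_NUMBER.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_curpage(line)
        if value is not None:
            hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric curPage -> {value!r}")
```

The same integer-only rule applies on the server side: a page parameter that is rejected or coerced to a number before use cannot carry markup into the response.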
Solution / Fix
Solution:
This issue has been addressed in Comersus Cart version 6 and later.
Updated package for the affected versions (Comersus Open Technologies Comersus Cart 4.0 x, 5.0 9, 5.0 98 and 5.0 991):
- Comersus comersus.zip
  http://www.comersus.com/download.html