QuadComm Q-Shop Cross Site Scripting Vulnerabilities
BID:9480
Info
QuadComm Q-Shop Cross Site Scripting Vulnerabilities
| Bugtraq ID: | 9480 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-2109 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 23 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery of this issue has been credited to Nick Gudov <[email protected]>. |
| Vulnerable: |
QuadComm Q-Shop 2.5 beta QuadComm Q-Shop 2.5 QuadComm Q-Shop 2.1 QuadComm Q-Shop 2.0 |
| Not Vulnerable: | |
Discussion
QuadComm Q-Shop Cross Site Scripting Vulnerabilities
Q-Shop has been reported to contain multiple cross-site scripting vulnerabilities. This issue is due to the application failing to perform proper sanitization of values passed through URI parameters. An attacker may exploit these issues by enticing a victim user to follow a malicious link that includes embedded hostile HTML and script code.
Q-Shop has been reported to contain multiple cross-site scripting vulnerabilities. This issue is due to the application failing to perform proper sanitization of values passed through URI parameters. An attacker may exploit these issues by enticing a victim user to follow a malicious link that includes embedded hostile HTML and script code.
Exploit / POC
QuadComm Q-Shop Cross Site Scripting Vulnerabilities
There is no exploit required.
There is no exploit required.
Solution / Fix
QuadComm Q-Shop Cross Site Scripting Vulnerabilities
Solution:
A fix Q-SHOP Euro (italian version of Q-SHOP) has been provided. Users may download the fix from the following location:
http://www.q-shop.it/patch/QSE_FIX_2004_01_26.zip
Solution:
A fix Q-SHOP Euro (italian version of Q-SHOP) has been provided. Users may download the fix from the following location:
http://www.q-shop.it/patch/QSE_FIX_2004_01_26.zip
References
QuadComm Q-Shop Cross Site Scripting Vulnerabilities
References:
References:
- Q-Shop ASP Shopping Cart Software (QuadComm)
- QuadComm Q-Shop ASP Shopping Cart Software multiple security vulnerabilities (S-Quadra Security Research
) - Re: QuadComm Q-Shop ASP Shopping Cart Software multiple security vulnerabilitie (S-Quadra Security Research
)