Headline
osCommerce 4 Cross Site Scripting
osCommerce version 4 suffers from a cross site scripting vulnerability.
# Exploit Title: osCommerce 4 - Reflected XSS# Exploit Author: CraCkEr# Date: 13/11/2023# Vendor: osCommerce ltd.# Vendor Homepage: https://www.oscommerce.com/# Software Link: https://demo.oscommerce.com/# Demo Link: https://demo.oscommerce.com/printshop/# Tested on: Windows 11 Home# Impact: Manipulate the content of the site# CWE: CWE-79 - CWE-74 - CWE-707# CVE: CVE-2023-6296## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09, indoushkaCryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionAttacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /catalog/compareGET parameter 'compare[]' is vulnerable to XSShttps://website/catalog/compare?compare[]=40dz4iq"><script>alert(1)</script>zohkx[-] DoneRelated news
CVE-2023-6296
A vulnerability was found in osCommerce 4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /catalog/compare of the component Instant Message Handler. The manipulation of the argument compare with the input 40dz4iq"><script>alert(1)</script>zohkx leads to cross site scripting. The attack may be launched remotely. VDB-246122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.