X-Cart Gold 4.5 (products_map.php symb parameter) XSS Vulnerability

vendor:

X-Cart Gold

by:

muts

N/A

CVSS

N/A

XSS

CWE

Product Name: X-Cart Gold

Affected Version From: 4.5

Affected Version To: 4.5.4

Patch Exists: YES

Related CWE: N/A

CPE: a:x-cart:x-cart_gold:4.5

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

X-Cart Gold 4.5 (products_map.php symb parameter) XSS Vulnerability

X-Cart Gold implements a degree of XSS filtering but it is incomplete. The "symb" parameter of "products_map.php" is vulnerable to XSS and can be bypassed by using HTML anchor methods and URL encoding.

Mitigation:

X-Cart Gold 4.5.5 and later versions are not vulnerable to this issue.

Source

Exploit-DB raw data:

######################################################################################
# Exploit Title: X-Cart Gold 4.5 (products_map.php symb parameter) XSS Vulnerability
# Date: Jul 21 2012
# Author: muts
# Version: X-Cart Gold 4.5
# Vendor URL: http://www.x-cart.com/
######################################################################################

X-Cart Gold implements a degree of XSS filtering but it is incomplete.
The "symb" parameter of "products_map.php" is vulnerable to XSS and can be bypassed by using
HTML anchor methods and URL encoding.

Timeline:

29 May 2012: Vulnerability reported to CERT
30 May 2012: Response received from CERT with disclosure date set to 20 Jul 2012
21 Jul 2012: Public Disclosure

PoC:

http://victim/xcart/products_map?symb=%22%20onmousemove=javascript:eval%28unescape%28%26quot%3balert%28%22xss%22%29%3B%26quot%3B%29%29%3EAAAAAA