vendor: AspDotNetStorefront
by:
CVSS: 5.5 (MEDIUM)
CWE: 79, Cross-Site Scripting (XSS)
Product Name: AspDotNetStorefront
Affected Version From: AspDotNetStorefront 3.3
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:aspdotnetstorefront:aspdotnetstorefront:3.3
Platforms Tested:
Cross-Site Scripting vulnerability in AspDotNetStorefront
The 'returnurl' parameter in the 'signin.aspx' script of AspDotNetStorefront is not properly sanitized, allowing remote attackers to execute malicious JavaScript code and steal user authentication credentials.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize user input before using it in HTML or JavaScript context. AspDotNetStorefront should update their code to properly sanitize the 'returnurl' parameter.
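One way to apply this mitigation to a `returnurl` value, as an added C# example that is not AspDotNetStorefront's own code: accept only site-local paths, fall back to a default page otherwise, and HTML-encode the result before writing it into markup. The class and method names, the fallback path `/default.aspx` and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Net;

// Added example: hypothetical helper, not part of AspDotNetStorefront.
public static class ReturnUrlGuard
{
    // Assumed fallback page used when the supplied value is rejected.
    private const string DefaultTarget = "/default.aspx";

    // Accept only site-local paths such as "/account.aspx?tab=orders".
    public static bool IsLocalPath(string url)
    {
        if (string.IsNullOrEmpty(url) || url[0] != '/') return false;
        // "//host" and "/\host" are resolved by browsers as another origin.
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        // Control characters (CR, LF, tab, NUL) do not belong in a redirect target.
        foreach (char c in url)
            if (char.IsControl(c)) return false;
        // Rejects values with characters that are not valid in a relative URI.
        return Uri.IsWellFormedUriString(url, UriKind.Relative);
    }

    // Value that is safe to pass to a redirect.
    public static string Normalize(string raw)
    {
        return IsLocalPath(raw) ? raw : DefaultTarget;
    }

    // Value that is safe to write into an HTML attribute or element body.
    public static string ForHtml(string raw)
    {
        return WebUtility.HtmlEncode(Normalize(raw));
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample inputs, not taken from the advisory.
        string[] samples = {
            "/account.aspx?tab=orders&page=2",
            "//other.example/login",
            "javascript:alert(1)",
            "\"><script>alert(1)</script>"
        };
        foreach (string s in samples)
            Console.WriteLine("{0,-35} -> {1}", s, ReturnUrlGuard.ForHtml(s));
    }
}
```

HTML encoding covers HTML element and attribute contexts only; a value written into a script block needs JavaScript string encoding instead.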