osCommerce URI Parameter Script Code Execution Vulnerability

vendor:

osCommerce

by:

SecurityFocus

7.5

CVSS

HIGH

Script Code Execution

CWE

Product Name: osCommerce

Affected Version From: 2.2ms1

Affected Version To: 2.2ms1

Patch Exists: YES

Related CWE: N/A

CPE: oscommerce

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

osCommerce URI Parameter Script Code Execution Vulnerability

It has been reported that osCommerce does not sufficiently filter URI parameters supplied to multiple osCommerce scripts. As a result of this deficiency, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. All code will be executed within the context of the website running osCommerce. This may allow for theft of cookie-based authentication credentials and other attacks.

Mitigation:

Filter user input and validate all parameters supplied to osCommerce scripts.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7153/info

It has been reported that osCommerce does not sufficiently filter URI parameters supplied to multiple osCommerce scripts. 

As a result of this deficiency, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. All code will be executed within the context of the website running osCommerce. 

This may allow for theft of cookie-based authentication credentials and other attacks.

This vulnerability was reported to affect osCommerce version 2.2ms1, prior versions are reportedly affected.

http://www.example.com/default.php?info_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E