| VID |
21274 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
osCommerce has a cross-site scripting vulnerability via a malformed session ID. osCommerce is an online shop e-commerce solution under ongoing development by the open source community. osCommerce version 2.2ms2 and earlier allow a cross-site scripting attack: a remote attacker could create a malicious link, containing hostile HTML and script code, to a site hosting osCommerce. The problem arises from insufficient handling of the user-supplied session ID passed in the URI. When such a link is visited, attacker-supplied code could be interpreted in the web client of the user. This may make it possible to steal an unsuspecting user's cookie-based authentication credentials, as well as other sensitive information.
* References: http://www.securityfocus.com/archive/1/347831 http://www.oscommerce.com/community/bugs,1546
* Platforms Affected: osCommerce version 2.2ms2 and earlier |
| Recommendation |
It has been reported that osCommerce 2.2 Milestone 3 is not affected by this issue. If the upgrade has been released, you can download it from http://www.oscommerce.com/downloads
The vendor has advised users to apply the following workaround:
To fix the issue, the $_sid parameter needs to be wrapped in tep_output_string() in the tep_href_link() function defined in includes/functions/html_output.php.
Before:
if (isset($_sid)) { $link .= $separator . $_sid; }
After:
if (isset($_sid)) { $link .= $separator . tep_output_string($_sid); } |
| Related URL |
CVE-2003-1219 (CVE) |
| Related URL |
9238 (SecurityFocus) |
| Related URL |
(ISS) |
|
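The effect of the vendor workaround can be seen in a simplified link builder. This is an added example, not osCommerce source code: `build_link_before()`, `build_link_after()` and `escape_for_markup()` are hypothetical names, `escape_for_markup()` stands in for `tep_output_string()` (whose implementation is not shown on this page), and the session ID values are constructed samples.

```php
<?php
// Added illustration; simplified, not osCommerce source code.

// Hypothetical stand-in for tep_output_string(): encode HTML metacharacters
// so the value cannot close the href attribute or open a new tag.
function escape_for_markup(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// "Before" pattern from the advisory: the session ID is appended verbatim.
function build_link_before(string $page, ?string $_sid): string
{
    $link = $page;
    $separator = (strpos($link, '?') === false) ? '?' : '&';
    if (isset($_sid)) { $link .= $separator . $_sid; }
    return $link;
}

// "After" pattern: the session ID passes through the output filter first.
function build_link_after(string $page, ?string $_sid): string
{
    $link = $page;
    $separator = (strpos($link, '?') === false) ? '?' : '&';
    if (isset($_sid)) { $link .= $separator . escape_for_markup($_sid); }
    return $link;
}

// Constructed samples: a well-formed session parameter and one carrying markup.
$samples = [
    'sid=3f2a9c0d1e4b5a6f',
    'sid="><b>injected</b>',
];

foreach ($samples as $sid) {
    // A page template placing the generated link inside an href attribute.
    $before = '<a href="' . build_link_before('index.php', $sid) . '">Home</a>';
    $after  = '<a href="' . build_link_after('index.php', $sid) . '">Home</a>';
    echo "before: $before\n";
    echo "after:  $after\n";
    // Count '<' characters: any beyond the template's own <a> and </a>
    // means the session ID introduced markup into the page.
    echo '  "<" count before: ', substr_count($before, '<'),
         ', after: ', substr_count($after, '<'), "\n";
}
```

Run with the PHP CLI; the well-formed value is unchanged by the filter, while the malformed one breaks out of the attribute only in the "before" form.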