XSS Vulnerability
Mahomed Dawood:
Hi Guys
I recently ran a security check on my website and came across a reflective XSS vulnerability on the product page.
Is this something that AbanteCart is planning on fixing, or could this just be a misconfiguration on my side?
Basara:
Hello.
Can you please tell us more about your findings?
Mahomed Dawood:
Hi
So if I call my website
http://mywebsite/uri?keyword=10mm&category_id=%2522%253e%253cscript%253ealert%2528987654321%2529%253c%252fscript%253e
A pop-up appears with JavaScript.
Please see attached
Basara:
Hello.
What is your AbanteCart version?
I do not see the problem on the AbanteCart demo: https://demo.abantecart.com/uri?keyword=10mm&category_id=%2522%253e%253cscript%253ealert%2528987654321%2529%253c%252fscript%253e
Mahomed Dawood:
Hi
Seems to originate from the search bar
Try this
https://demo.abantecart.com/index.php?rt=product/search&keyword=shoe&category_id=%2522%253e%253cscript%253ealert%2528987654321%2529%253c%252fscript%253e
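Added example, not part of the thread and not AbanteCart's own code: the `category_id` value from the URLs above is percent-encoded twice, so it only becomes markup if something decodes it a second time and then prints it unescaped. The sketch below shows both decode passes and the two defences that stop the reflection, strict validation of the id and escaping at output. The helper names `parse_category_ids` and `h`, the accepted id format, and the existence of a second decode step are assumptions.

```php
<?php
// The category_id value exactly as it appears in the URLs quoted in the thread.
$fromUrl = '%2522%253e%253cscript%253ealert%2528987654321%2529%253c%252fscript%253e';

// Pass 1: what PHP places in $_GET. The result is still percent-encoded,
// so a filter that only looks for a raw quote or angle bracket sees nothing.
$afterFirstDecode = rawurldecode($fromUrl);

// Pass 2 (assumption): a later code path decodes again. Only now does the
// value contain a raw quote, angle brackets and a script element.
$afterSecondDecode = rawurldecode($afterFirstDecode);

/**
 * Hypothetical helper: accept only what a category filter can legitimately be.
 * Assumed format: one numeric id, or several separated by commas.
 * Anything else is rejected rather than "cleaned".
 */
function parse_category_ids(string $raw): ?array
{
    if (!preg_match('/\A\d{1,10}(,\d{1,10})*\z/', $raw)) {
        return null;
    }
    return array_map('intval', explode(',', $raw));
}

/** Hypothetical helper: escape for HTML text and quoted-attribute contexts. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Validation: both decode stages of the reported value fail, normal ids pass.
// '36' and '36,52' are constructed sample ids.
foreach ([$afterFirstDecode, $afterSecondDecode, '36', '36,52'] as $candidate) {
    $ids = parse_category_ids($candidate);
    $verdict = $ids === null ? 'rejected' : 'accepted: ' . implode(',', $ids);
    printf("%-62s %s\n", $candidate, $verdict);
}

// Output encoding: even if the decoded value reaches a template, escaping
// keeps it inside the attribute value instead of closing it.
echo '<input type="hidden" name="category_id" value="',
     h($afterSecondDecode), '">', "\n";
```

Validation belongs where the parameter is read and escaping where it is written; a double-decode bug that appears later is then still contained by the escaping at output.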