Shopping Cart Operations > Security

XSS Vulnerability

(1/2) > >>

Mahomed Dawood:
Hi Guys

I recently ran a security check on my website and came across some reflective xss vulnerability on the product page
Is this something that abantecart are planning on fixing ? or could this just be misconfiguration on my side ?

Basara:
Hello.

Can you please tell us more about your findings?

Mahomed Dawood:
Hi

So if i call my website

http://mywebsite/uri?keyword=10mm&category_id=%2522%253e%253cscript%253ealert%2528987654321%2529%253c%252fscript%253e

A pop up appears with a javascript

Please see attached

Basara:
Hello.
What is your AbanteCart version?
I do not see the problem on AbanteCart demo https://demo.abantecart.com/uri?keyword=10mm&category_id=%2522%253e%253cscript%253ealert%2528987654321%2529%253c%252fscript%253e

Mahomed Dawood:
Hi

Seems to originate from the search bar

Try this

https://demo.abantecart.com/index.php?rt=product/search&keyword=shoe&category_id=%2522%253e%253cscript%253ealert%2528987654321%2529%253c%252fscript%253e

Navigation

[0] Message Index

[#] Next page

Go to full version
Powered by SMFPacks Social Login Mod