Please help us to make AbanteCart Ideal Open Source Ecommerce Solution for everyone.

Support AbanteCart eCommerce

Author Topic: XSS Vulnerability  (Read 7526 times)

Offline Mahomed Dawood

  • Jr. Member
  • **
  • Posts: 61
  • Karma: +4/-0
    • View Profile
XSS Vulnerability
« on: December 09, 2021, 05:15:44 AM »
Hi Guys

I recently ran a security check on my website and came across some reflective xss vulnerability on the product page
Is this something that abantecart are planning on fixing ? or could this just be misconfiguration on my side ?

Offline Basara

  • Administrator
  • Hero Member
  • *****
  • Posts: 5774
  • Karma: +274/-2
    • View Profile
Re: XSS Vulnerability
« Reply #1 on: December 09, 2021, 05:35:06 AM »
Hello.

Can you please tell us more about your findings?

Offline Mahomed Dawood

  • Jr. Member
  • **
  • Posts: 61
  • Karma: +4/-0
    • View Profile
Re: XSS Vulnerability
« Reply #2 on: December 09, 2021, 05:58:38 AM »
Hi

So if i call my website

http://mywebsite/uri?keyword=10mm&category_id=%2522%253e%253cscript%253ealert%2528987654321%2529%253c%252fscript%253e

A pop up appears with a javascript

Please see attached


Offline Basara

  • Administrator
  • Hero Member
  • *****
  • Posts: 5774
  • Karma: +274/-2
    • View Profile
Re: XSS Vulnerability
« Reply #3 on: December 09, 2021, 07:18:33 AM »

Offline Mahomed Dawood

  • Jr. Member
  • **
  • Posts: 61
  • Karma: +4/-0
    • View Profile

Offline Mahomed Dawood

  • Jr. Member
  • **
  • Posts: 61
  • Karma: +4/-0
    • View Profile
Re: XSS Vulnerability
« Reply #5 on: December 09, 2021, 08:48:25 AM »
I have abantecart v1.3.1

Offline Basara

  • Administrator
  • Hero Member
  • *****
  • Posts: 5774
  • Karma: +274/-2
    • View Profile
Re: XSS Vulnerability
« Reply #6 on: December 10, 2021, 12:07:23 AM »
Hello.
Thank you for reporting. We will provide the fix shortly
Please follow issue in the bug tracker https://github.com/abantecart/abantecart-src/issues/1513
« Last Edit: December 10, 2021, 06:25:50 AM by Basara »

Offline Mahomed Dawood

  • Jr. Member
  • **
  • Posts: 61
  • Karma: +4/-0
    • View Profile
Re: XSS Vulnerability
« Reply #7 on: December 10, 2021, 12:17:47 AM »
Thank you

Offline Basara

  • Administrator
  • Hero Member
  • *****
  • Posts: 5774
  • Karma: +274/-2
    • View Profile
Re: XSS Vulnerability
« Reply #8 on: December 14, 2021, 06:28:24 AM »
Hello.
You can try to apply the fix on your site
See commit in https://github.com/abantecart/abantecart-src/issues/1513

Offline Mahomed Dawood

  • Jr. Member
  • **
  • Posts: 61
  • Karma: +4/-0
    • View Profile
Re: XSS Vulnerability
« Reply #9 on: December 15, 2021, 04:28:59 AM »
Hi

Works like a charm

Thank you for your assistance

Offline garyfartsalot

  • Newbie
  • *
  • Posts: 23
  • Karma: +1/-0
    • View Profile
Re: XSS Vulnerability
« Reply #10 on: January 13, 2023, 05:10:46 AM »
Hi Mahomed Dawood
How did you fix?
Did you update abantecart to latest fixed version or did you apply a fix?

Offline llegrand

  • Hero Member
  • *****
  • Posts: 1798
  • Karma: +520/-7
    • View Profile
Re: XSS Vulnerability
« Reply #11 on: January 13, 2023, 06:05:14 PM »
what cart version are you currently using?

We have posted the patch file for AbanteCart v 1.3.2 along with instructions
You can get it here:

https://why2central.net/patch/abantecart-v1-3-2-default-core-xss-vulnerability-patch-file/

If you are using v 1.3.3,  the corrected files are already in that code.


 

Powered by SMFPacks Social Login Mod