Info

Disclosure

Sep 03, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Sep 04, 2008

Description

Avactis Shopping Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'step_id' and 'CHECKOUT_CZ_BLOWFISH_KEY' variables upon submission to the 'checkout.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Third-Party Solution
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Avactis has released a patch to address this vulnerability.

Products

Unknown or Incomplete

References

CVE ID: 2008-6969 (see also: NVD)
Bugtraq ID: 31054
Secunia Advisory ID: 31768
ISS X-Force ID: 44929
Other Advisory URL: http://holisticinfosec.org/content/view/81/45/
Vendor Specific Solution URL: http://www.avactis.com/forums/index.php?showtopic=3577

Credit

Russ McRee - holisticinfosec.org

Direct URL: http://osvdb.org/47946