Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17730
HistoryAug 10, 2007 - 12:00 a.m.

Storesprite XSS vuln.

2007-08-1000:00:00
vulners.com
34

Storesprite XSS vuln.
###############################################
Vuln. discovered by : r0t
Date: 10 August 2007
vendor:http://www.storesprite.com/
orginal advisory:
http://pridels-team.blogspot.com/2007/08/storesprite-xss-vuln.html
affected versions:Storesprite 7 and previous
###############################################

Storesprite contains a flaw that allows a remote Cross-Site Scripting
attacks.Input passed to the "next" parameter in
"secure/addaddress.php","secure/editshipdetails.php","secure/register.php","secure/login.php"
isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################