xt:Commerce VEYTON 4.0.15 (products_name_de) Script Insertion Vulnerability
Title: xt:Commerce VEYTON 4.0.15 (products_name_de) Script Insertion Vulnerability
Advisory ID: ZSL-2012-5102
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 23.08.2012
Summary
One shop system, many shop solutions. The shop software xt:Commerce 4 is the basic framework for online shops and for merchants who install and configure their own shop.

Description
xt:Commerce suffers from a stored XSS vulnerability when parsing user input to the 'products_name_de' parameter via POST method through the '/xtAdmin/adminHandler.php' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
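As an added illustration of the mitigation (example code, not xt:Commerce's own): the unsafe output pattern that makes a stored product name exploitable, next to the hardened form that encodes the value for its HTML context at the point of output. The function names, the rendering markup and the constructed sample value are assumptions for this example.

```php
<?php
declare(strict_types=1);

// Added example, not xt:Commerce code. Function names and sample data are assumptions.

// Constructed sample: a product name as it might be stored after an unchecked
// POST to the products_name_de field.
const SAMPLE_STORED_NAME = '<script>alert(1)</script> Test Product';

// Vulnerable pattern: the stored value is concatenated into HTML as-is, so any
// markup saved in the database is rendered and executed in the viewer's browser.
function render_product_name_unsafe(string $name): string
{
    return '<h1>' . $name . '</h1>';
}

// Hardened pattern: encode for the HTML body context at output time.
// ENT_QUOTES also escapes single quotes, ENT_SUBSTITUTE avoids returning an
// empty string on invalid UTF-8 (which would silently drop the value).
function encode_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_product_name_safe(string $name): string
{
    return '<h1>' . encode_html($name) . '</h1>';
}

// Attribute context: the same encoder is sufficient only when the attribute
// value is always enclosed in double quotes, as here.
function render_product_title_attr(string $name): string
{
    return '<a href="/product" title="' . encode_html($name) . '">Product</a>';
}

// Demonstration: the unsafe output carries live <script> markup, the safe
// outputs carry only &lt;script&gt; text.
echo render_product_name_unsafe(SAMPLE_STORED_NAME), PHP_EOL;
echo render_product_name_safe(SAMPLE_STORED_NAME), PHP_EOL;
echo render_product_title_attr(SAMPLE_STORED_NAME), PHP_EOL;
```

Encoding at output, rather than stripping tags on input, is the durable fix: the same stored name may later be emitted into HTML body, attribute, or JavaScript contexts, and each needs its own encoder at the sink. Input validation (length limits, rejecting control characters) is a useful second layer, not a replacement.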
Vendor
xt:Commerce GmbH / xt:Commerce International Ltd. - http://www.xt-commerce.com

Affected Version
VEYTON 4.0.15 Professional/Merchant/Ultimate

Tested On
Microsoft Windows 7 Ultimate SP1 (EN)
Apache 2.4.2 (Win32)
PHP 5.4.4
MySQL 5.5.25a

Vendor Status
N/A

PoC
xtcommerce_xss.html

Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References
[1] http://packetstormsecurity.org/files/115822
[2] http://cxsecurity.com/issue/WLB-2012080213
[3] http://www.securitylab.ru/vulnerability/428790.php
[4] http://secunia.com/advisories/50373/
[5] http://www.securelist.com/en/advisories/50373
[6] http://www.osvdb.org/show/osvdb/84860
[7] http://www.securityfocus.com/bid/55169
[8] http://xforce.iss.net/xforce/xfdb/77962
[9] http://www.exploit-db.com/exploits/20863/
Changelog
[23.08.2012] - Initial release
[24.08.2012] - Added reference [3], [4] and [5]
[26.08.2012] - Added reference [6] and [7]
[27.08.2012] - Added reference [8] and [9]
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk