Advisory ID: HTB23215 Product: Storesprite Vendor: Lamp Design Limited Vulnerable Version(s): 7 and probably prior Tested Version: 7 Advisory Publication: May 14, 2014 [without technical details] Vendor Notification: May 14, 2014=20 Vendor Patch: June 19, 2014=20 Public Disclosure: June 25, 2014=20 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-3737 Risk Level: Medium=20 CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://w= ww.htbridge.com/advisory/ )=20 ---------------------------------------------------------------------------= -------------------- Advisory Details: High-Tech Bridge Security Research Lab discovered XSS vulnerability in Stor= esprite, which can be exploited to perform Cross-Site Scripting attacks. 1) Reflected Cross-Site Scripting (XSS) in Storesprite: CVE-2014-3737 The vulnerability exists due to insufficient sanitisation of user-supplied = data in URI. A remote attacker can trick a logged-in user to open a special= ly crafted link and execute arbitrary HTML and script code in browser in co= ntext of the vulnerable website. Successful exploitation of the vulnerabili= ty may allow an attacker to change appearance of the web site, steal cookie= s of other users and forge check out pages. It is also possible to gain adm= inistrative access to the web site its administrator falls victim to XSS at= tack. The exploitation example below uses the "alert()" JavaScript function to di= splay "immuniweb" word: http://[host]/brand.php/%22onmouseover%3d%27alert%28%22immuniweb%22%29%27%2= 0a%3d%22%3E ---------------------------------------------------------------------------= -------------------- Solution: Update to Storesprite 7 - 19-06-14 More Information: http://www.storesprite.com/docs/26/htb23215_xss_vulnerability/ ---------------------------------------------------------------------------= -------------------- References: [1] High-Tech Bridge Advisory HTB23215 - https://www.htbridge.com/advisory/= HTB23215 - Cross-Site Scripting (XSS) Vulnerability in Storesprite. [2] Storesprite - http://www.storesprite.com - Storesprite is a feature pac= ked shopping cart. [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - in= ternational in scope and free for public use, CVE=C2=AE is a dictionary of = publicly known information security vulnerabilities and exposures. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to = developers and security practitioners, CWE is a formal list of software wea= kness types. [5] ImmuniWeb=C2=AE SaaS - https://www.htbridge.com/immuniweb/ - hybrid of = manual web application penetration test and cutting-edge vulnerability scan= ner available online via a Software-as-a-Service (SaaS) model. ---------------------------------------------------------------------------= -------------------- Disclaimer: The information provided in this Advisory is provided "as is" a= nd without any warranty of any kind. Details of this Advisory may be update= d in order to provide as accurate information as possible. The latest versi= on of the Advisory is available on web page [1] in the References.