Hi,
I had my scan done by Trustwave and they identified an issue with cross-site scripting that seems to relate to the osCsid and the advanced search. Here is the text:
Code:
Cross-Site Scripting (XSS)
Cross-site scripting is a term used to describe problems which arise when
maliciously crafted user data causes a web application to re-direct an unsuspecting
web browser to an undesired site. It was possible to send strings with special HTML
characters ( < > " ' ) to your web application, and see them rendered in the response.
Since these characters were not encoded by the web application, it may be possible
to inject HTML scripting code into the rendered page. The injections can occur in
your HTML body, Title, Scripting, or even commented out portions of the
document. Note: Due to the potential negative impact on this web server's resources
that could result from attacking a large number of cross-site scripting attack vectors,
TrustKeeper abandons this test after it has found at least three instances where user
input is not being properly sanitized. Therefore, it is possible that the reported
findings associated with this vulnerability are only a subset of all possible attack
vectors.
All Cross-Site Scripting vulnerabilities are considered non-compliant by PCI.
CVSSv2: AV:N/AC:M/Au:N/C:N/I:P/A:N (4.3)
Reference: http://www.cert.org/advisories/CA-2000-02.html, http://www.owasp.org/index.php/Cross-site_scripting, http://www.owasp.org/index.php/Data_Validation, http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting
Service: Apache
Evidence:
Virtual Host: www.estore.com
Date: 2010-09-06 21:16:34.78
Vulnerable Page: http://7.105.5.3:80/store/advanced_search_result.php
HTTP Request Mode: get
HTTP Status Code: 200
Test Input String: %3CScRipT%20%3Ealert%28%27test%27%29%3B%3C%2FScRipT%20%3E
Search Pattern:
Pattern Match:
Referrer Page: http://www.estore.com/store/big-don-c-95.html?products_id=105&action=buy_now
Vulnerable Parameter: keywords
Vulnerable Parameter: osCsid
I am on CRELoaded Standard 6.3.3, and looking at the patch for 6.4.1, the advanced search doesn't seem to be there, so I am guessing that isn't the file that might need a change.
So is this something that has a fix, or is it something that people are going to tell me "it can only be fixed by upgrading"?
Thanks!
Mike
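For readers of this thread, here is an added illustration (not code from CRELoaded, osCommerce or the original poster) of the pattern the Trustwave finding describes: a request parameter written into the HTML response without encoding, beside the same output with encoding applied. The function names, the page structure and the way the session id is appended to links are assumptions for the example; the real advanced_search_result.php is not reproduced here.

```php
<?php
// Added example, not CRELoaded/osCommerce code. Function names are hypothetical.

// Vulnerable pattern (what the scanner report describes): the raw "keywords"
// parameter lands in the HTML body verbatim, so any < > " ' in the value is
// interpreted as markup instead of being displayed as text.
function render_search_header_unsafe(string $keywords): string
{
    return '<h1>Search results for: ' . $keywords . '</h1>';
}

// Hardened version: HTML-encode at the point of output. ENT_QUOTES converts
// both " and ', which matters when the value is also placed inside attributes.
function render_search_header_safe(string $keywords): string
{
    return '<h1>Search results for: '
        . htmlspecialchars($keywords, ENT_QUOTES, 'UTF-8')
        . '</h1>';
}

// Assumed scenario for the second flagged parameter: the session id is echoed
// back into links as osCsid=... . A value going into a URL needs URL-encoding,
// and the finished URL still has to be HTML-encoded when written into href.
function build_next_page_link(string $osCsid, int $page): string
{
    $url = 'advanced_search_result.php?page=' . $page
         . '&osCsid=' . rawurlencode($osCsid);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">Next</a>';
}

// Constructed sample input containing the special characters named in the report.
$sample = '<i>"quotes" & \'apostrophes\'</i>';

echo render_search_header_unsafe($sample), PHP_EOL;  // markup survives into the page
echo render_search_header_safe($sample), PHP_EOL;    // rendered as literal text
echo build_next_page_link('sess"id<1>', 2), PHP_EOL; // special characters encoded twice, correctly
```

The useful check when reviewing a page like this is to grep for every place a `$_GET`/`$_POST` value (or a variable derived from one, including the session id) is concatenated into HTML or into a URL, and confirm each one passes through the encoder for that context before it reaches the response.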