-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 admin@xxxxxxxxxxxxxxxx wrote: > (...) > 1. Cross Site Scripting: > 1.1 Input passed directly to the "keywords" parameter in "advanced_search_result.php" is not properly sanitised before being returned to the user. > This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. > > 1.2 PoC: > /advanced_search_result.php?keywords=/>"<script>alert(15)</script>&x=1&y=1 > I can't confirm this on xtCommerce 3.0.4. The keywords parameter is handled frequently, but never printed (and escaped when integrated in database queries). In which line did you find the vulnerability? md5sum of my copy (Windows line ending): 89f73d92a197965f6ac2e7cacb091c44 shop/advanced_search_result.php > (..) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEAREKAAYFAkjY920ACgkQ9eq1gvr7CFwjAACfYCmdY2kL0gmc1ogZBI9iBIWn IbwAn0w3CYfy7Xvq24zoL747AxBEMiXI =p3rQ -----END PGP SIGNATURE-----
