ViArt Shop Enterprise 4.1 (post-auth) Multiple Stored XSS Vulnerabilities

Medium
Advisory ID
ZSL-2012-5108
Release Date
25 September 2012
Vendor
ViArt Software - http://www.viart.com
Affected Version
4.1, 4.0.8 and 4.0.5
CVE
N/A
Tested On
Microsoft Windows 7 Ultimate SP1 (EN), Apache 2.4.2 (Win32), PHP 5.4.4, MySQL 5.5.25a
Summary

ViArt Shop is a PHP-based e-commerce suite, aiming to provide everything you need to run a successful on-line business.

Description

ViArt Shop suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Proof of Concept
Disclosure Timeline
09.09.2012 Vulnerabilities discovered.
24.09.2012 Contact with the vendor.
24.09.2012 Vendor responds asking for more details.
24.09.2012 Sent detailed information to the vendor.
25.09.2012 Vendor confirms the issues, releasing fix (http://www.viart.com/downloads/viart_shop-4.1.zip).
25.09.2012 Coordinated public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
Exploit coded by teppei
References
Changelog
25.09.2012 Initial release
26.09.2012 Added reference [1], [2] and [3]
27.09.2012 Added reference [4] and [5]
28.09.2012 Added reference [6], [7], [8] and [9]