OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[CVE-2012-6458] Multiple Persistent XSS in silverstripe-ecommerce

From: Craig Young (vuln-reportsecur3.us)
Date: Sun Jul 14 2013 - 10:42:45 CDT


I am writing to inform you of multiple persistent XSS issues within
the ecommerce module
(https://code.google.com/p/silverstripe-ecommerce/) of SilverStripe
CMS. These issues have been fixed without a corresponding release
note or other indication of a security advisory. The author has been
unresponsive about what version numbers contain the fixes so I am
instead posting a link to the fix in case anyone wants to check/patch
their site.

https://code.google.com/p/silverstripe-ecommerce/source/detail?r=3739

Specifically there were some places where user-controlled profile
values were rendered without being sanitized. This could be exploited
by an attacker who establishes an account using their victim's email
address or an attacker who gains access to their victim's account by
any other means. In these situations the attacker could insert XSS
payloads which would execute if the victim subsequently logs into the
account. The issue is tracked as CVE-2012-6458.

Thanks,
Craig Young
CraigTweets