mrvautin expressCart Frame Injection Vulnerability in Edit Product Page

A frame injection vulnerability has been identified in mrvautin expressCart versions up to b31302f4e99c3293bd742c6d076a721e168118b0. The issue resides in the Edit Product Page component, specifically within the file '/admin/product/edit/'. This vulnerability allows for user-controlled image sources to load untrusted frames, which can be exploited to probe internal services, gather information, and manipulate content within trusted contexts. The attack can be initiated remotely, but requires authentication and user interaction.

Impact

Exploitation of this vulnerability could lead to unauthorized injection of frames, allowing attackers to manipulate content in trusted contexts, gather information from internal services, and potentially exploit other vulnerabilities that require user interaction.

Reproduction

To reproduce this vulnerability, log into an account with access to the admin product edit page. Once authenticated, navigate to the edit product page and inject a frame by manipulating the image source of an image element. This can be done by uploading an image that points to an external frame or by using a data URL that includes a frame payload. After injecting the image, the untrusted frame will be loaded, demonstrating the frame injection vulnerability.