CubeCart Reflected Cross-Site Scripting Vulnerability in Search Feature

Vulnerability

A reflected cross-site scripting vulnerability has been identified in CubeCart versions prior to 6.7.0. The issue is in the search feature, where user input is improperly sanitized in the 'classes/catalogue.class.php' file. It is triggered only when a search returns exactly one product, in which case an attacker can inject malicious JavaScript that is executed in the victim's browser. Successful exploitation could lead to session hijacking, unauthorized account access, site defacement, or phishing attempts.

Impact

Exploitation of this vulnerability allows for the execution of malicious JavaScript in the context of the victim's browser. This could result in session cookie theft and unauthorized access to the victim's account, including administrative privileges. Such access could be used to perform unauthorized actions on the site or conduct phishing attacks.

Reproduction

To reproduce this vulnerability, perform the following steps:

1. Navigate to the search bar on the CubeCart homepage.
2. Enter a product name that returns exactly one result, followed by a script payload, such as 'SAMSUNG <script>alert("Test!")</script>'.
3. Press Enter and observe the alert box, which confirms the execution of the injected script.

Alternatively, a direct link can be used with the same payload, ensuring that the search query matches a product that returns a single result.

Remediation

Users can update to CubeCart version 6.7.0 or later, where this vulnerability has been fixed.
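The flaw class described above, shown as an added example and not CubeCart's code or its 6.7.0 patch: a hypothetical renderer echoes the search term only in the single-result branch, once raw and once HTML-encoded. The catalogue, the any-word matching rule and the names find_products, h and render_results are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed catalogue standing in for the product table (not CubeCart data).
const PRODUCTS = ['SAMSUNG Galaxy S24', 'Apple iPhone 15', 'Apple iPad Air'];

// Assumption: a product matches when its name contains any word of the term,
// which is why a term carrying extra markup can still return exactly one hit.
function find_products(string $term): array
{
    $words = preg_split('/\s+/', trim($term), -1, PREG_SPLIT_NO_EMPTY);
    return array_values(array_filter(PRODUCTS, function (string $name) use ($words): bool {
        foreach ($words as $word) {
            if (stripos($name, $word) !== false) {
                return true;
            }
        }
        return false;
    }));
}

// Encode a value for an HTML text or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer; $encode = false reproduces the flaw class.
function render_results(string $term, bool $encode): string
{
    $hits = find_products($term);
    if (count($hits) === 1) {
        // Only this branch echoes the search term back into the page.
        $shown = $encode ? h($term) : $term;
        return '<h2>Result for "' . $shown . '"</h2><p>' . h($hits[0]) . '</p>';
    }
    // Zero or several hits: the term is never reflected, so nothing is injected.
    return '<h2>' . count($hits) . ' products found</h2>';
}

// Search string taken from the reproduction steps above.
$term = 'SAMSUNG <script>alert("Test!")</script>';
echo "unencoded: ", render_results($term, false), PHP_EOL;
echo "encoded:   ", render_results($term, true), PHP_EOL;
echo "two hits:  ", render_results('Apple <script>alert("Test!")</script>', false), PHP_EOL;
```

The unencoded line contains a live script element, the encoded line carries the same text as inert entities, and the two-hit search shows why a test that does not return exactly one product would miss the issue.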

Added: May 13, 2026, 9:28 PM
Updated: May 13, 2026, 9:28 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 1.7
exploitability: 7.7
remediation: 0.0
relevance: 8.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.