HTB23215 XSS Vulnerability


Advisory ID: HTB23215
Reference: https://www.htbridge.com/advisory/HTB23215
Product: Storesprite
Vendor: Lamp Design Limited ( http://www.storesprite.com )
Vulnerable Version(s): 7 and probably prior
Tested Version: 7
Public Disclosure: June 25, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-3737
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )



Advisory Details:

High-Tech Bridge Security Research Lab discovered an XSS vulnerability in Storesprite, which can be exploited to perform Cross-Site Scripting attacks.

1) Cross-Site Scripting (XSS) in Storesprite: CVE-2014-3737

The vulnerability exists due to insufficient sanitisation of user-supplied data in the request URI. A remote attacker can trick a logged-in user into opening a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

The vulnerability only applies to installations where the vendor is utilising the currency selection dropdown.

Solutions

1. Patch release

A patched release has been made available on our website as of 19-06-2014. This can be downloaded from the normal download page.

2. Patch files

A zip containing patched files to apply to existing installations can be downloaded here:

HTB23215 Patch

3. Manual Instructions

Alternatively, a quick patch can be applied manually without modifying core files. Edit /templates/defaultheader.php, locate the following line (LN 106 in an unmodified file) and change it from:

echo currencyUrl();

to:

echo htmlspecialchars(currencyUrl());

Save the file.
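To show why the one-line change above is sufficient, here is an added PHP example that is not Storesprite's code: currencyUrl() is a hypothetical stand-in that returns the current request URI with the currency parameter removed, and the request URI it is fed is a constructed sample, not a real request.

```php
<?php
// Hypothetical stand-in for the template helper: strips an existing
// currency parameter and returns the rest of the request URI verbatim,
// with no encoding. Echoing such a value raw into an attribute is what
// the advisory describes as insufficient sanitisation.
function currencyUrl(string $requestUri): string
{
    $url = preg_replace('/([?&])currency=[^&]*&?/', '$1', $requestUri);
    return rtrim($url, '?&');
}

// 'Before' state from the manual instructions: echo currencyUrl();
function renderDropdownVulnerable(string $requestUri): string
{
    return '<form action="' . currencyUrl($requestUri) . '" method="get">'
         . '<select name="currency"><option>GBP</option></select></form>';
}

// 'After' state: echo htmlspecialchars(currencyUrl());
// ENT_QUOTES is passed explicitly here; the default flags do not encode
// single quotes before PHP 8.1, which matters if the template ever places
// the value inside a single-quoted attribute.
function renderDropdownPatched(string $requestUri): string
{
    $safeUrl = htmlspecialchars(currencyUrl($requestUri), ENT_QUOTES, 'UTF-8');
    return '<form action="' . $safeUrl . '" method="get">'
         . '<select name="currency"><option>GBP</option></select></form>';
}

// Returns true when the rendered markup keeps the URL inside the
// action attribute, i.e. no tag from the input survives as live HTML.
function urlStaysInsideAttribute(string $html): bool
{
    return substr_count($html, '<') === 3 && strpos($html, '<em>') === false;
}

// Constructed sample: a URI whose query carries an attribute break-out
// marker (a harmless <em> tag, used only to make the effect visible).
$sampleUri = '/shop.php?cat=1&currency=EUR&q="><em>injected</em>';

$vulnerable = renderDropdownVulnerable($sampleUri);
$patched    = renderDropdownPatched($sampleUri);

echo "vulnerable: ", $vulnerable, PHP_EOL;   // the quote closes the attribute
echo "patched:    ", $patched, PHP_EOL;      // quote and angle brackets encoded

assert(!urlStaysInsideAttribute($vulnerable));
assert(urlStaysInsideAttribute($patched));
```

Run it with the PHP CLI; the assertions confirm that only the patched rendering keeps the whole URI inside the action attribute.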