WS-2021-0465

Date: December 13, 2021

Overview

The “vc-platform (VirtoCommerce)” application, versions 3.0.0-rc.1 through 3.79.0, is affected by a stored cross-site scripting (XSS) vulnerability in the product description editor. It allows low-privileged application users (a store manager role, not a platform administrator) to store a malicious script in a product description.

Details

The product description editor in “vc-platform (VirtoCommerce)” is the HTML editor from the uikit package, which also accepts markdown. The editor renders the markdown link syntax “[text](url)” into an anchor without restricting the URL scheme, so a “javascript:” URL supplied as the link target is stored with the product and becomes a clickable link that executes script in the browser of whoever opens the description and clicks it. A user with the manager role for a single store (not an administrative role of the application) is enough to store the payload.

PoC Details

1. Log in with a user that has the manager role for the electronics store. This role has administrative rights over that store only; it is not an administrative role of the application, so it counts as low privilege.
2. From the left pane click “More”, then “Catalog”.
3. Open the “Clothing” section, then “Accessories”, then the bags section, and open any product.
4. Click the “Description” option, then the “QuickReview” option, to open the description editor.
5. Paste the payload below into the editor and click the preview option.
6. Click the link created by the payload: the script runs and the XSS is triggered.

PoC Code

[notmalicious](javascript:window.onerror=alert;throw%20document.cookie)
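How the payload above works, and how the rendering step could be hardened, as an added example. This is not VirtoCommerce or uikit code: it is a minimal “[text](url)” markdown-link renderer written for this page, in a vulnerable form that copies the link target into the anchor unchanged and a hardened form that allow-lists URL schemes and HTML-escapes both the text and the href. The payload itself sets window.onerror to alert and then throws document.cookie, so the uncaught exception is delivered to alert with the cookie string as its message (the %20 is decoded by the browser when the javascript: URL runs). The regular expression, helper names and the allowed-scheme list are assumptions made for the example.

```javascript
// Added example, not VirtoCommerce/uikit code: a toy "[text](url)" markdown
// link renderer in vulnerable and hardened forms, fed the advisory's payload.

// Payload quoted from the advisory's PoC section.
const PAYLOAD = "[notmalicious](javascript:window.onerror=alert;throw%20document.cookie)";

// Assumed simplified inline-link grammar: no ")" or whitespace inside the URL.
const LINK_RE = /\[([^\]]*)\]\(([^)\s]+)\)/g;

// Vulnerable: the link target is copied into href verbatim, so a
// javascript: URL becomes a clickable script (this mirrors the advisory).
function renderLinkUnsafe(md) {
  return md.replace(LINK_RE, (_, text, url) => `<a href="${url}">${text}</a>`);
}

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Allow-list of URL schemes accepted for link targets (an assumption for the
// example; a real deployment picks its own list).
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]);

// True when the URL is relative (no scheme) or uses an allowed scheme.
// ASCII control characters are stripped first because browsers ignore
// tab/CR/LF inside a scheme, so "java\tscript:" must not pass a prefix test.
function isSafeUrl(url) {
  const cleaned = url.replace(/[\u0000-\u0020]/g, "").toLowerCase();
  const m = /^([a-z][a-z0-9+.-]*):/.exec(cleaned);
  if (!m) return true; // no scheme: relative URL
  return ALLOWED_SCHEMES.has(m[1]);
}

// Hardened: disallowed schemes lose the anchor and keep only the escaped
// text; allowed targets are HTML-escaped before being placed in href.
function renderLinkSafe(md) {
  return md.replace(LINK_RE, (_, text, url) => {
    const safeText = escapeHtml(text);
    if (!isSafeUrl(url)) return safeText;
    return `<a href="${escapeHtml(url)}" rel="noopener noreferrer">${safeText}</a>`;
  });
}

console.log("unsafe:", renderLinkUnsafe(PAYLOAD));
console.log("safe:  ", renderLinkSafe(PAYLOAD));
```

The vulnerable renderer emits an anchor whose href starts with “javascript:”, which is exactly the clickable link the PoC steps describe; the hardened renderer reduces the payload to the plain text “notmalicious”. The scheme check has to run wherever the description is turned into HTML, on the server or at render time, because a check that lives only in the browser-side editor is bypassed by submitting the markdown directly.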

Affected Environments

3.0.0-rc.1 to 3.79.0

Prevention

No fix

Language: C#

Good to know:


Cross-Site Scripting (XSS)

CWE-79

Upgrade Version

No fix version available

Base Score: 5.4 (Medium; computed from the CVSS v3 metrics below, vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None