WS-2021-0487
Date: December 15, 2021
Overview
The “vc-platform (VirtoCommerce)” application, versions v2.1 to v3.79.0, is affected by a stored XSS vulnerability via HTML file upload in the Asset Upload feature. This allows low privileged application users to store malicious scripts in the uploaded file. These scripts are executed in a victim’s browser when they open the uploaded file.
Details
The “vc-platform (VirtoCommerce)” application is affected by a stored XSS vulnerability via HTML file upload in the Asset Upload feature that allows low privileged application users to store malicious scripts in the uploaded file. These scripts are executed in a victim’s browser when they open the malicious uploaded file.
PoC Details
Log in to the application with a manager role user that has administrative privileges for the electronics store. This is considered low privileges (it is not an administrative role of the application). Click on the “More” option in the left pane and then click the “Content” option. Click on the “Pages” option in the Electronics store section, then click the “Upload” option and then click the icon in the Asset Upload section to upload a file. Then select the malicious HTML file (containing the payload in the PoC Code section) and upload it. Click on the three dots next to the uploaded image and copy the file link. Now open a new tab in the browser and navigate to the copied link, and the XSS will be triggered.
PoC Code
<script>alert(1)</script>
Affected Environments
v2.1 to 3.79.0
Prevention
no fix
Language: C#
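Since the advisory lists no fix, here is an added example (not VirtoCommerce code) of the defensive check a platform can apply when serving uploaded assets: sniff the stored bytes for HTML regardless of the claimed extension, and deliver anything that is not a recognised image as an opaque download with nosniff and a sandboxed CSP, so a browser opening the asset link will not execute script in the site's origin. The image magic-byte allow-list and the helper names are assumptions made for the example.

```python
import re
from typing import Dict, Optional

# Constructed allow-list: magic bytes of image formats the asset store is expected to hold.
IMAGE_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}

# Tags that make a browser treat a sniffed response as HTML or SVG (case-insensitive).
HTML_MARKERS = re.compile(
    rb"<\s*(!doctype\s+html|html|script|body|iframe|svg|object|embed)\b", re.IGNORECASE
)


def looks_like_html(data: bytes) -> bool:
    """True if the leading bytes contain an HTML/SVG tag, whatever the file extension says."""
    return HTML_MARKERS.search(data[:1024].lstrip()) is not None


def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the MIME type of a known image format based on its magic bytes, else None."""
    for magic, mime in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return mime
    return None


def safe_name(filename: str) -> str:
    """Restrict the download filename to a conservative character set for the header value."""
    return re.sub(r"[^A-Za-z0-9._-]", "_", filename)[:100] or "download"


def asset_response_headers(filename: str, data: bytes) -> Dict[str, str]:
    """Headers for serving an uploaded asset so that active content cannot run in the site's origin."""
    headers = {"X-Content-Type-Options": "nosniff"}
    image_type = sniff_image_type(data)
    if image_type and not looks_like_html(data):
        headers["Content-Type"] = image_type
        headers["Content-Disposition"] = "inline"
    else:
        # HTML, SVG or unknown bytes are delivered as a download; the sandbox directive
        # also blocks script execution if a client chooses to render the body anyway.
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{safe_name(filename)}"'
        headers["Content-Security-Policy"] = "sandbox"
    return headers
```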
Good to know:
| Base Score: | |
|---|---|
| Attack Vector (AV): | Network |
| Attack Complexity (AC): | Low |
| Privileges Required (PR): | Low |
| User Interaction (UI): | Required |
| Scope (S): | Changed |
| Confidentiality (C): | Low |
| Integrity (I): | Low |
| Availability (A): | None |