Vulnerability Note VU#924124
X-Cart contains multiple vulnerabilities
Original Release date: 02 Apr 2015 | Last revised: 02 Apr 2015

Overview
X-Cart versions 5.1.6 through 5.1.10 are vulnerable to cross-site scripting (XSS), and versions 5.1.10 and below are vulnerable to authorization bypass.

Description
CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) – CVE-2015-0950
X-Cart versions 5.1.6 through 5.1.10 contain a reflected cross-site scripting (XSS) vulnerability. An attacker can inject arbitrary script via the "substring" query string parameter in admin.php.

CWE-639: Authorization Bypass Through User-Controlled Key – CVE-2015-0951

X-Cart versions 5.1.10 and below contain an insecure direct object reference vulnerability. An attacker can obtain or delete address data associated with other user accounts by manipulating parameters in requests to update or remove addresses. The CVSS score below reflects this issue.
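
The ownership check that closes this class of flaw (CWE-639), as an added example that is not X-Cart's code or the vendor's fix: the address is looked up by the client-supplied id and then compared against the account bound to the server-side session. The store layout, function names and field names are hypothetical.

```python
class Forbidden(Exception):
    """Raised when the address is missing or belongs to another account."""

def make_store():
    # Constructed sample rows: address id -> record (hypothetical schema).
    return {101: {"owner_id": 1, "street": "1 Alice Way"},
            102: {"owner_id": 2, "street": "2 Bob Road"}}

def delete_address_unsafe(store, session_user_id, address_id):
    # Before: the row is selected only by the client-supplied id, so any
    # authenticated user can remove another account's address.
    return store.pop(address_id, None) is not None

def _load_owned(store, session_user_id, address_id):
    # session_user_id must come from the server-side session, never from
    # a request parameter.
    rec = store.get(address_id)
    # One error for "missing" and "not yours", so the response does not
    # reveal which ids exist.
    if rec is None or rec["owner_id"] != session_user_id:
        raise Forbidden("address not found")
    return rec

EDITABLE_FIELDS = ("street",)

def update_address(store, session_user_id, address_id, fields):
    rec = _load_owned(store, session_user_id, address_id)
    # Allow-list writable fields so a request cannot reassign owner_id.
    for key in EDITABLE_FIELDS:
        if key in fields:
            rec[key] = str(fields[key])
    return dict(rec)

def delete_address(store, session_user_id, address_id):
    # After: delete only once ownership has been verified.
    _load_owned(store, session_user_id, address_id)
    del store[address_id]
    return True
```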

Impact
A remote, unauthenticated attacker may be able to execute arbitrary script in the context of the end-user’s browser session. A remote, authenticated attacker may be able to obtain or remove data associated with other users’ accounts.

Solution
Apply an update

The vendor has released X-Cart 5.1.11 to address the vulnerabilities. Users are advised to upgrade.

Vendor Information

Vendor: X-Cart | Status: Affected | Date Notified: 03 Feb 2015 | Date Updated: 02 Apr 2015

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
Base | 6.5 | AV:N/AC:L/Au:S/C:P/I:P/A:P
Temporal | 4.8 | E:POC/RL:OF/RC:UR
Environmental | 3.6 | CDP:N/TD:M/CR:ND/IR:ND/AR:ND

References

http://www.x-cart.com/
https://blog.x-cart.com/5-1-11-released.html
http://cwe.mitre.org/data/definitions/79.html
http://cwe.mitre.org/data/definitions/639.html

Credit

Thanks to Yasser Ali for reporting this vulnerability.
This document was written by Joel Land.

Other Information

CVE IDs: CVE-2015-0950, CVE-2015-0951
Date Public: 02 Apr 2015
Date First Published: 02 Apr 2015
Date Last Updated: 02 Apr 2015
Document Revision: 13
