Cross-site Scripting (XSS) - Stored in s-cart/s-cart
Reported on
Feb 2nd 2022
Description
Stored XSS in S-Cart Version 6.8.3 affecting Product and Category module.
Proof of Concept
Product version: S-Cart Version 6.8.3, core 6.8.10, https://github.com/s-cart/s-cart/releases/tag/v6.8.3
Vulnerability 1: Stored XSS In Product module
1 Endpoint: POST http://localhost/s-cart/public/sc_admin/product/edit/{productID_here}
2 Parameter: descriptions[en][name]
3 Affected field: Name
4 Payload: <script>alert(document.cookie)</script>
Steps to reproduce:
1 Log in as a user who has permission for the Product module.
2 Go to Product & category > Products.
3 Edit any product and insert payload in Name field > Submit.
The XSS fires when a user visits:
1 http://localhost/s-cart/public/sc_admin/product
2 http://localhost/s-cart/public/sc_admin/report/product
Vulnerability 2: Stored XSS In Category module
1 Endpoint: POST http://localhost/s-cart/public/sc_admin/category/edit/{categoryID_here}
2 Parameter: descriptions[en][title]
3 Affected field: Name
4 Payload: Mobile Accessaries - <body onload=alert("sXSS-in-Category-Name")>
Steps to reproduce:
1 Log in as a user who has permission for the Category module.
2 Go to Product & category > Category
3 Edit any category and insert payload in Name field > Submit
The XSS fires when a user visits:
1 http://localhost/s-cart/public/sc_admin/category
Impact
Through this vulnerability, an attacker is able to execute malicious scripts.
For this report, it has been fixed in s-cart/s-cart 6.8.4 and s-cart/core 6.8.11
https://github.com/s-cart/s-cart/commit/48e720c471e1e4ae0bfbba2b49de02de6143b8dd
https://github.com/s-cart/core/commit/017951d62fa233b88bb8305e7eb4a13ee2b84efb
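
An added example, not part of the original report and not the change made in the linked commits: it treats the Name values from both vulnerabilities as untrusted text, HTML-encodes them before they are written into an admin list cell, and flags stored values that contain tag-like markup so existing rows can be reviewed after upgrading. The sample rows, function names and table-cell markup are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample rows: the two Name values from the report plus one
// benign name that legitimately contains "<", "&" and quotes.
$rows = [
    ['module' => 'product',  'field' => 'descriptions[en][name]',
     'value'  => '<script>alert(document.cookie)</script>'],
    ['module' => 'category', 'field' => 'descriptions[en][title]',
     'value'  => 'Mobile Accessaries - <body onload=alert("sXSS-in-Category-Name")>'],
    ['module' => 'product',  'field' => 'descriptions[en][name]',
     'value'  => 'USB-C cable 1m < 2m & "braided"'],
];

/**
 * Encode a stored value for an HTML text context (table cell, heading).
 * Hypothetical helper name; htmlspecialchars() is the standard PHP call.
 */
function encodeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Audit helper (hypothetical): true when a stored name contains something a
 * browser would parse as markup. "<" followed by a letter, "/" or "!" opens
 * a tag, an end tag or a comment/doctype; "<" followed by a space does not.
 */
function looksLikeMarkup(string $value): bool
{
    return preg_match('~<[a-z/!]~i', $value) === 1;
}

foreach ($rows as $row) {
    // Encoding happens at output time, so the stored value is left unchanged
    // and the benign name still displays exactly as the user typed it.
    $cell = '<td>' . encodeForHtml($row['value']) . '</td>';

    printf(
        "%-8s %-26s review=%-3s %s\n",
        $row['module'],
        $row['field'],
        looksLikeMarkup($row['value']) ? 'yes' : 'no',
        $cell
    );
}
```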