Cross site scripting in OsCommerce CEPhoenix (CVE-2020-12058)
A cross-site scripting vulnerability is present in OsCommerce CEPhoenix up to version 1.0.6.0.
The vulnerabilities were found automatically by the NAVEX project, in multiple files. An example can be seen at /admin/currencies.php, line 208.
The issue is that user input is reflected in the response page without sufficient sanitization: the function tep_href_link() removes the quotes from the user input, but since the input is reflected inside JavaScript code, an attacker can bypass the escaping by terminating the quoted string with the HTML-entity form of the double quote (&quot;), allowing a reflected XSS attack.
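To make the failure mode concrete, here is an added PHP example; it is not osCommerce code and the quote-stripping function is only a simplified stand-in for the behaviour the advisory attributes to tep_href_link(), an assumption rather than the real implementation. The assumed context is a value placed inside a JavaScript string that itself sits in an HTML attribute, where the browser HTML-decodes the value before the JavaScript parser sees it. The example shows why removing literal quotes is not enough, and two ways to close the gap: validating a page number as an integer before it is reflected, and encoding for both the JavaScript and HTML contexts when a string really has to be reflected.

```php
<?php
// Added example (not osCommerce code). strip_quotes_only() is a hypothetical,
// simplified stand-in for a sanitizer that only deletes literal quote characters.

// Weak: removes literal quotes only. Inside an HTML attribute the browser turns
// "&quot;" back into a quote before the JavaScript parser runs, so the entity
// passes this filter untouched and can still terminate a JS string literal.
function strip_quotes_only(string $value): string
{
    return str_replace(['"', "'"], '', $value);
}

// Hardened, option 1: a "page" parameter is a number, so validate its type
// before it is reflected anywhere. Only digits can come out of this function.
function page_number(array $get, string $key = 'page'): int
{
    $raw = (string) ($get[$key] ?? '1');
    if (!ctype_digit($raw)) {
        return 1; // fall back to the first page instead of echoing the input
    }
    return max(1, (int) $raw);
}

// Hardened, option 2: when a free-form string must land inside a JavaScript
// literal that is itself inside an HTML attribute, encode for the inner
// (JavaScript) context first, then for the outer (HTML attribute) context.
// The JSON_HEX_* flags escape < > & ' " as \uXXXX so no HTML-significant
// character survives into the attribute value.
function js_in_attr(string $value): string
{
    $js = json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    return htmlspecialchars($js, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: an entity-encoded double quote between two letters.
$input = 'x&quot;y';

// The weak filter leaves the entity in place.
echo 'strip_quotes_only : ', strip_quotes_only($input), PHP_EOL;

// Integer validation rejects it and never reflects the raw value.
echo 'page_number (bad) : ', page_number(['page' => $input]), PHP_EOL;
echo 'page_number (ok)  : ', page_number(['page' => '3']), PHP_EOL;

// Dual-context encoding keeps the value inert in both parsers.
echo 'js_in_attr        : ', js_in_attr($input), PHP_EOL;
```

For the parameters listed in this advisory (page, zpage, spage), option 1 is the simplest fix: they are pagination indexes and have no legitimate non-numeric values, so there is nothing to escape once they are cast to an integer. Option 2 is the general rule for any value that must be reflected as a string inside script-bearing markup: escape for each enclosing context from the inside out, rather than deleting a handful of characters.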
We found the following vulnerable parameters in the following pages:
page parameter:
- catalog/admin/order_status.php
- catalog/admin/tax_rates.php
- catalog/admin/languages.php
- catalog/admin/countries.php
- catalog/admin/tax_classes.php
- catalog/admin/reviews.php
- catalog/admin/currencies.php
- catalog/admin/zones.php
zpage and spage parameters:
- catalog/admin/geo_zones.php