COMMAND

osCommerce multiple XSS vulnerabilities

SYSTEMS AFFECTED

osCommerce milestones up to 2.2ms1

PROBLEM

Daniel Alcántara de la Hoz, Director de Proyectos [daniel.alcantara@iproyectos.com], iProyectos Desarrollos Tecnológicos advisory: http://www.iproyectos.com/english.php

--snip--

osCommerce is a widely installed open source shopping e-commerce solution. Some XSS (cross-site scripting) problems exist in versions of osCommerce prior to 3/14/2003 that allow an attacker to inject arbitrary HTML code into a web page.

An attacker could guide the victim to a specially crafted URL that, when followed, would send the cookie to the attacker. With the cookie of a user, an attacker would be able to hijack his account.

iProyectos won't provide a direct exploit this time due to the simplicity of the bug (exploitation is straightforward with XSS bugs). Here is a proof of concept on one of the four existent bugs.

http://vulnerable.host/default.php?error_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E

The full list of vulnerabilities is available on our website http://www.iproyectos.com/english.php that explains the four bugs.

--snap--

SOLUTION

To patch, update by CVS. Downloading the last milestone WON'T fix this.
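
Reflected XSS of the kind shown in the proof of concept arises when a request parameter is written into the page without HTML encoding. The PHP below is an added example, not osCommerce code and not the CVS fix: the function names and the surrounding markup are assumptions, and it renders the advisory's own query string once unencoded and once encoded.

```php
<?php
// Added example: hypothetical helpers, not taken from the osCommerce source.

// Vulnerable pattern: the parameter is concatenated into the page as-is,
// so any markup it carries is parsed and executed by the browser.
function render_error_unsafe(array $query): string
{
    $msg = isset($query['error_message']) ? $query['error_message'] : '';
    return '<div class="error">' . $msg . '</div>';
}

// Hardened pattern: encode for the HTML context at the point of output.
function render_error_safe(array $query): string
{
    $msg = isset($query['error_message']) ? $query['error_message'] : '';
    if (!is_string($msg)) {
        // error_message[]=... arrives as an array; treat it as empty.
        $msg = '';
    }
    // ENT_QUOTES also encodes ' and ", which matters if the value is ever
    // placed inside an attribute; ENT_SUBSTITUTE replaces invalid UTF-8.
    return '<div class="error">'
        . htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</div>';
}

// Query string copied from the advisory's proof-of-concept URL.
$qs = 'error_message=%3Cscript%20language=javascript%3E'
    . 'window.alert%28document.cookie%29;%3C/script%3E';
parse_str($qs, $query); // URL-decodes the value, as PHP does for $_GET

// Unencoded: the script element reaches the browser intact.
echo render_error_unsafe($query), "\n";

// Encoded: the same input is shown as inert text
// (&lt;script language=javascript&gt;...&lt;/script&gt;).
echo render_error_safe($query), "\n";
```

Encoding has to be applied at every place the four affected parameters are echoed. Marking the session cookie HttpOnly additionally keeps page script from reading it through document.cookie.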