Vigil@nce - Magento Enterprise Edition: Cross Site Scripting of Use SID on Frontend
April 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger a Cross Site Scripting in the "Use SID on
Frontend" feature of Magento Enterprise Edition, in order to
execute JavaScript code in the context of the web site.
– Impacted products: Magento Enterprise Edition
– Severity: 2/4
– Creation date: 11/04/2013
DESCRIPTION OF THE VULNERABILITY
The "SID on Frontend" configuration directive (System >
Configuration > WEB > Session Validation Settings, Use SID on
Frontend) is used to manage user’s session, with a unique
identifier.
However, this identifier is not filtered data before being
inserted in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting in the
"Use SID on Frontend" feature of Magento Enterprise Edition, in
order to execute JavaScript code in the context of the web site.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN