Scan of my site by the hosting provider reports a Medium cross-site scripting vulnerability. I am attaching the complete report as a file. Here is the summary:

Description:
The remote web server hosts one or more cgi scripts that fail to
adequately sanitize request strings with malicious JavaScript. By
leveraging this issue, an attacker may be able to cause arbitrary HTML
and script code to be executed in a user's browser within the security
context of the affected site. These XSS vulnerabilities are likely to
be 'non-persistent' or 'reflected'.

See Also:
http://en.wikipedia.org/wiki/Cross_site_scripting#Non-persistent
http://www.Site Scanner.org/u?9717ad85
http://projects.webappsec.org/Cross-Site+Scripting

Risk Factor:
Medium / CVSS Base Score : 4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Solution:
Restrict access to the vulnerable application. Contact the vendor
for a patch or upgrade.

Can you please advise.

Thanks

Attachment: X-site-report.txt (3.95 KB), uploaded by novice
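The scanner summary above describes a reflected XSS: a request value is written back into the page without escaping. In the theme function this thread is about, the value is the `$mode` argument, which lands both in a `class` attribute and in a `!mode` placeholder of `t()` (which inserts its value verbatim). The following is an added example, not code from the Ubercart advanced catalog module, showing that shape next to a hardened version. It runs with plain `php` because `t()` and `check_plain()` are simplified stand-ins for the Drupal 6 helpers; the function names `theme_products_*`, the allow-list `grid`/`list` and the probe string are constructed for the demonstration.

```php
<?php
// Added example; not the module's own code.
// Stand-ins for two Drupal 6 helpers so this file runs outside Drupal:
// check_plain() HTML-escapes a string; t() substitutes placeholders,
// escaping '@' ones and inserting '!' ones verbatim (Drupal 6 semantics).
function check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}
function t($string, array $args = array()) {
  foreach ($args as $key => $value) {
    if ($key[0] === '@') {
      $args[$key] = check_plain($value);
    }
    // '!' placeholders are left as-is: the caller vouches for their safety.
  }
  return strtr($string, $args);
}

// Vulnerable shape (mirrors the '-' lines of the patch in this thread):
// $mode flows unescaped into a class attribute and into a '!' placeholder,
// and is also used to build a function name.
function theme_products_vulnerable(array $products, $mode) {
  $output = '<div class="category-' . $mode . '-products">';
  if (function_exists('theme_products_' . $mode)) {
    $output .= call_user_func('theme_products_' . $mode, $products);
  }
  else {
    $output .= t('error, no theming function for !mode mode!', array('!mode' => $mode));
  }
  return $output . '</div>';
}

// Hardened version: allow-list $mode against the known display modes before
// it is used anywhere, and escape it wherever it is rendered (defence in depth).
function theme_products_hardened(array $products, $mode) {
  $allowed = array('grid', 'list'); // assumed set of modes; the real module's differ
  if (!in_array($mode, $allowed, TRUE)) {
    // Build the error string with '=', so nothing appends to an unset variable,
    // and let the '@' placeholder escape the rejected value.
    return '<div class="error">' . t('invalid display mode @mode', array('@mode' => $mode)) . '</div>';
  }
  $output = '<div class="category-' . check_plain($mode) . '-products">';
  if (function_exists('theme_products_' . $mode)) {
    $output .= call_user_func('theme_products_' . $mode, $products);
  }
  else {
    $output .= t('error, no theming function for @mode mode!', array('@mode' => $mode));
  }
  return $output . '</div>';
}

// Constructed probe: a harmless string containing markup. A scanner's finding
// boils down to this check: does the markup come back unescaped?
$probe = 'grid"><b>marker</b>';
foreach (array('theme_products_vulnerable', 'theme_products_hardened') as $fn) {
  $html = $fn(array(), $probe);
  $reflected = strpos($html, '<b>') !== FALSE;
  printf("%-26s reflects markup unescaped: %s\n", $fn, $reflected ? 'yes' : 'no');
}
```

The allow-list is the actual fix: it stops `$mode` from selecting an arbitrary function name as well as from reaching the markup. The `check_plain()` and `@mode` escaping on top of it cost nothing and keep the function safe if the list is later widened to accept values that are not plain identifiers.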

Comments

Comment by damien tournoud

Project: Drupal core » Ubercart advanced catalog

Unpublished security report.

Comment by damien tournoud

Version: 6.22 » 6.x-2.x-dev
Component: base system » Code

This is apparently an issue in Ubercart advanced catalog. Cleared by the security team to be handled publicly, as there is no stable release of this module.

Comment by novice

For now I have put a fix as below. Can you please review.

--- ./uc_advanced_catalog.pages.inc.old 2011-12-03 23:09:17.000000000 -0500
+++ ./uc_advanced_catalog.pages.inc     2011-12-03 23:06:30.000000000 -0500
@@ -344,12 +344,18 @@
  * @ingroup themeable
  */
 function theme_uc_advanced_catalog_products($products, $mode) {
-  $output = '<div class="category-'. $mode .'-products">';
-  if (function_exists('theme_uc_advanced_catalog_products_'. $mode)) {
-    $output .= theme('uc_advanced_catalog_products_'. $mode, $products);
+  $validmode = preg_match('/^[a-zA-Z0-9]+$/',$mode);
+  if ($validmode == 1) {
+    $output = '<div class="category-'. $mode .'-products">';
+    if (function_exists('theme_uc_advanced_catalog_products_'. $mode)) {
+      $output .= theme('uc_advanced_catalog_products_'. $mode, $products);
+    }
+    else {
+      $output .= t('error, no theming function for !mode mode!', array('!mode' => $mode));
+    }
   }
   else {
-    $output .= t('error, no theming function for !mode mode!', array('!mode' => $mode));
+    $output .= t('<div class="error">error, invalid characters in mode');
   }
   $output .= "</div>";
   return $output;
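Review bot: in the new `else` branch for a rejected mode, `$output .= t('<div class="error">error, invalid characters in mode');` appends to a variable that has never been assigned, because `$output = '<div class="category-...">'` now only runs inside `if ($validmode == 1)`; PHP emits an undefined-variable notice there. Initialize `$output = '';` before the `preg_match`, or assign the error string with `=` instead of `.=`. Two smaller points: PCRE `$` also matches before a trailing newline, so `/^[a-zA-Z0-9]+$/` accepts `"grid\n"`; use `/^[a-zA-Z0-9]+\z/` (or the `D` modifier). And the surviving `t('error, no theming function for !mode mode!', array('!mode' => $mode))` still inserts the value unescaped; switching `!mode` to `@mode` keeps that line safe even if the character whitelist is relaxed later, and the `<div class="error">` markup belongs outside the `t()` string rather than inside it.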

Comment by mogtofu33

Assigned: Unassigned » mogtofu33
Priority: Normal » Major
Status: Active » Fixed

This security issue has been fixed in the next dev snapshot (December 13, 2011).
Regards.
Mog.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.