Dognædis Ref.: DGS-SEC-18
CVE Ref: CVE-2013-2289
Release Date: 2013/03/01
Discovery Credits: CodeV - Code Analyzer
Bulletin Author(s): AMPP - CodeV Team
Type: Cross Site Scripting
Level: High (Low/High/Critical)
CVSS: 3.4 (AV:N/AC:L/Au:S/C:C/I:P/A:N)
Vulnerable Application: Batavi version 1.2.2
All the open source ecommerce you'll ever need, in one package.
Generally, exploiting this kind of vulnerability gives an attacker a vector for a range of further attacks, such as:
- Session/Cookie theft
- Account Hijacking
- Identity theft
- Accessing confidential resources
- Accessing pay content
- Account Denial of service
To resolve the identified vulnerability correctly, the data obtained through the input argument should be properly sanitized (output-encoded) for the HTML context in which it is reflected and for any subsequent ECMAScript (JavaScript) usage.
At the moment, there is no official solution for the reported vulnerability.
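The advisory names no parameter and ships no code, so the following is an added illustration of the context-aware encoding the resolution paragraph calls for; it is not Batavi's code and is written in Python rather than the application's own language. The page template, the `encode_for_html`, `encode_for_js_string`, `render_unsafe`, `render_safe` and `script_elements_intact` names, and the sample input are all constructed for this example. It shows the two contexts the advisory mentions side by side: a value reflected into HTML text and an attribute, and the same value reflected into an inline script.

```python
import html
import json

# Constructed page fragment for a search-style response; not Batavi's own markup.
# The same user-controlled value lands in three places: HTML text, an attribute,
# and a JavaScript string literal inside a <script> element.
PAGE_TEMPLATE = (
    "<p>Results for: {html_q}</p>\n"
    '<input type="text" name="q" value="{html_q}">\n'
    "<script>var lastQuery = {js_q};</script>\n"
)


def encode_for_html(value: str) -> str:
    """Make a value inert in HTML text and double-quoted attribute contexts."""
    # html.escape with quote=True handles & < > " and '.
    return html.escape(value, quote=True)


def encode_for_js_string(value: str) -> str:
    """Emit a JavaScript string literal (quotes included) safe inside a <script> element."""
    # json.dumps escapes quotes, backslashes, control characters and, with
    # ensure_ascii=True, every non-ASCII code point (including U+2028/U+2029).
    literal = json.dumps(value, ensure_ascii=True)
    # It does not touch HTML-significant characters, so escape them too; a
    # literal that can never contain "</" cannot terminate the enclosing element.
    return literal.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def render_unsafe(query: str) -> str:
    """Reflects the raw parameter into every context: the pattern behind this bug class."""
    return PAGE_TEMPLATE.format(html_q=query, js_q='"' + query + '"')


def render_safe(query: str) -> str:
    """Encodes the parameter for each context before reflecting it."""
    return PAGE_TEMPLATE.format(
        html_q=encode_for_html(query),
        js_q=encode_for_js_string(query),
    )


def script_elements_intact(page: str) -> bool:
    """Defender's check: the rendered page contains exactly the one script block the template defines."""
    return page.count("<script>") == 1 and page.count("</script>") == 1


if __name__ == "__main__":
    sample = '"><script>alert(1)</script>'  # constructed reflected input
    print("--- unsafe rendering ---")
    print(render_unsafe(sample))
    print("--- safe rendering ---")
    print(render_safe(sample))
```

The important design point is that encoding is chosen by the destination context, not by the source of the data: the same input needs `encode_for_html` when it lands in markup and `encode_for_js_string` when it lands in script, and applying only one of the two leaves the other context open. `script_elements_intact` is a cheap regression check that a template's rendered output never gains a script block it did not declare.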