
Stored XSS in customer name when customer accesses a denied resource and is redirected to the login page #6191

Closed
@trungtin1998

Description

nopCommerce version: 4.50.1

Steps to reproduce the problem:
[screenshot: storedxss_login_customer_name]

  • Inject JavaScript code into First name or Last name at Customer Info.
  • When the customer accesses a denied resource, for example /admin, the server redirects the user to the login page and shows the notification: "You are already logged in as {Customer Name}. You may log in with another account.". The Customer Name is reflected in the response without HTML encoding, which causes XSS when displayBarNotification() is called.
    Note: If the admin used the Place order (impersonate) feature, the customer's JavaScript will execute under the admin session.
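To illustrate the defensive point behind this report, here is an added example (not nopCommerce code, and not the reporter's): the notification message built with raw string interpolation next to one that HTML-encodes the customer name before it enters markup, plus a small check that flags unencoded tags. The function names (`escapeHtml`, `buildNotificationHtml`, `containsRawTag`, `setNotificationText`) and the sample name are constructed for this example.

```javascript
// Added example, not nopCommerce code. A display name is untrusted input; if a
// notification helper inserts the message with innerHTML, the name must be
// HTML-encoded at the point it is interpolated into markup.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the five characters that matter in an HTML text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable shape: the name is interpolated without encoding, which is the
// pattern the report describes.
function buildNotificationHtmlUnsafe(customerName) {
  return `You are already logged in as ${customerName}. You may log in with another account.`;
}

// Hardened shape: encode the untrusted value before it becomes part of markup.
function buildNotificationHtml(customerName) {
  return `You are already logged in as ${escapeHtml(customerName)}. You may log in with another account.`;
}

// Alternative when a DOM node is available: assign the message as text, so the
// browser never parses it as HTML. `node` only needs a textContent property,
// which keeps this runnable outside a browser.
function setNotificationText(node, message) {
  node.textContent = message;
  return node;
}

// Review/detection helper: does a rendered message still contain a raw tag?
function containsRawTag(html) {
  return /<[a-zA-Z!\/]/.test(html);
}

// Constructed sample name containing markup (not a payload from the report).
const SAMPLE_NAME = 'Alice <b>Bold</b> & "Co"';

function demo() {
  const unsafe = buildNotificationHtmlUnsafe(SAMPLE_NAME);
  const safe = buildNotificationHtml(SAMPLE_NAME);
  return {
    unsafeHasTag: containsRawTag(unsafe), // true: markup would be parsed
    safeHasTag: containsRawTag(safe),     // false: markup is inert text
    safe,
  };
}

console.log(demo());
```

The encoding must happen where the value enters an HTML context (the server-side view or the client helper that builds the notification), not once at input time: encoding on storage leaves the same name unencoded in every other rendering path, and double-encoding on output then shows literal `&amp;` to the user.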
