SmartStoreNET: Malicious Message Leading To E-Commerce Takeover

SmartStoreNET is the leading open-source e-commerce platform for .NET, which makes it a natural choice for companies running Windows Server. Beyond running an online store, it offers advanced features such as CRM tools, a blog, and a forum. As a result, a SmartStoreNET instance handles highly sensitive data, including credit card, financial, and personally identifiable information, that has to be protected from attackers.

During recent security research, my team and I discovered two vulnerabilities that could allow attackers to gain control of the server on which SmartStoreNET is installed by sending a single malicious message to the instance’s administrator. In this article, I present the root cause analysis of the two Cross-Site Scripting bugs and then describe how attackers could exploit them. Finally, I describe the patches applied by the maintainers and the limitations of those patches.

This article has been indexed from DZone Security Zone