Reflected XSS in OpenBay Template

[prodigysml]

The Issue

Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim's browser. This may lead to unauthorised actions being performed, unauthorised access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim.

Where the Issue Occured

The following code shows that the $_GET['token'] variable is reflected to the victim's browser without any input validation, leading to reflected XSS:

OpenCart-Overclocked/upload/admin/view/template/extension/openbay.tpl

Line 95 in d145e4c

var token = "<?php echo $_GET['token']; ?>";

An example payload for the token variable is given below:
"; alert(1); //

[villagedefrance]

Thank you for flagging this.
OpenBay will eventually be completely removed in future versions.

[huntr-helper]

‎‍🛠️ A fix has been provided for this issue. Please reference: 418sec#1

🔥 This fix has been provided through the https://huntr.dev/ bug bounty platform.