CVE-2014-10078

An unauthenticated attacker crafts a URL containing a malicious JavaScript payload in the `cn` or `result` parameter and tricks a victim into clicking it [ref_id=1]. The payload is injected by closing an existing `<font>` tag and inserting a `<script>` block, e.g., `?cn=</font><script>alert(1);</script><font>` [ref_id=1]. The attack requires no authentication and is delivered over the StoreGrid web interface on port 6061 [ref_id=1].

The vulnerable files are `interface/registercustomer/onlineregsuccess.php`, `interface/registerreseller/onlineregfailure.php`, `interface/registerclient/onlineregfailure.php`, and `interface/registercustomer/onlineregfailure.php` [ref_id=1]. These PHP scripts reflect user-supplied `cn` and `result` query parameters without sanitization.

No patch is included in the bundle. The advisory does not specify a fix version or remediation steps [ref_id=1][ref_id=2]. To close the vulnerability, the application must properly encode or sanitize the `cn` and `result` parameters before reflecting them in the HTML output, preventing script injection.

1. Access the StoreGrid web interface on port 6061. 2. Visit a URL such as `https://target:6061/interface/registercustomer/onlineregsuccess.php?cn=</font><script>alert(1);</script><font>&result=` [ref_id=1]. 3. Observe that the JavaScript `alert(1)` executes in the browser, confirming reflected XSS.