CVE-2017-17937
Description
Vanguard Marketplace Digital Products PHP is vulnerable to reflected XSS via the phps_query parameter in /search, allowing attackers to inject arbitrary JavaScript.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Vanguard Marketplace Digital Products PHP application (demo site) is vulnerable to reflected cross-site scripting (XSS) in the /search endpoint. The phps_query parameter is not sanitized before being reflected in the response. Versions up to the latest at the time of disclosure (2017) are affected [1].
Exploitation
An attacker can craft a malicious URL or POST request with a payload in the phps_query parameter, such as 123'"<svg/onload=alert(document.cookie)>'". The victim must be tricked into clicking the link or, due to lack of CSRF protection, submitting a crafted form that triggers the XSS [1]. No authentication is required.
Impact
Successful exploitation allows arbitrary JavaScript execution in the victim's browser context, leading to cookie theft, session hijacking, or defacement. The attacker can also combine with CSRF to perform actions on behalf of the victim [1].
Mitigation
No official patch or fixed version was publicly available as of the disclosure date (December 2017). The vendor should sanitize the phps_query parameter. Users are advised to avoid the vulnerable demo or apply input validation. The CVE is not listed in KEV.
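The sanitization the advisory calls for is, more precisely, contextual output encoding at the point where phps_query is written back into the page. The following is an added illustration, not code from the Vanguard project: a hypothetical /search handler in the vulnerable shape described above next to a hardened version. The length cap and the CSP header are assumptions of the example, not something the advisory states the vendor did.

```php
<?php
// Added example, not code from the Vanguard Marketplace project. It models a
// search page that reflects the phps_query parameter, as the advisory describes.

// Vulnerable pattern: the raw parameter is concatenated into HTML, so any
// quote or tag in the value becomes live markup in the response.
function render_search_vulnerable(string $query): string
{
    return '<input name="phps_query" value="' . $query . '">'
         . '<p>Results for ' . $query . '</p>';
}

// Hardened pattern: encode for the HTML context at output time.
// ENT_QUOTES encodes both quote styles so the value cannot break out of the
// attribute; the same encoded value is safe inside the text node.
// The 200-character cap is a hypothetical defensive limit, not from the advisory.
function render_search_safe(string $query): string
{
    $query = mb_substr($query, 0, 200);
    $safe  = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input name="phps_query" value="' . $safe . '">'
         . '<p>Results for ' . $safe . '</p>';
}

// Request handling in the shape the advisory describes: GET /search?phps_query=...
// Reject non-string input (phps_query[]=...) rather than passing an array through.
$raw = $_GET['phps_query'] ?? '';
$q   = is_string($raw) ? $raw : '';

header('Content-Type: text/html; charset=UTF-8');
// Defence in depth, not a substitute for encoding: a CSP without 'unsafe-inline'
// blocks inline event handlers even if an encoding gap is found later.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");

echo render_search_safe($q);
```

When reviewing a fix, confirm that every reflection point of phps_query (attribute value, text node, any JavaScript string) uses an encoder matching that context; a single raw echo left behind re-opens the issue.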
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (1)
[1] github.com/d4wner/Vulnerabilities-Report/blob/master/Vanguard.md (NVD tags: Exploit, Issue Tracking, Third Party Advisory)
News mentions (0)
No linked articles in our index yet.