Online Shopping Cart Software Vulnerable: German BSI Report

BSI Study Finds Outdated Software, Vulnerable JavaScript Libraries

An assessment of online shopping cart software used by e-commerce sites performed by the German cybersecurity agency found a slew of vulnerabilities, including code so old it's no longer supported as well as vulnerable JavaScript libraries.

The Federal Office for Information Security - better known by its German acronym, BSI - said that it examined third-party web shop systems out of concern about the large amount of sensitive consumer data processed by online shops.

Germany has one of the largest e-commerce markets in Europe. About 8 in 10 residents spend money in online shops, creating a market that was worth $127.5 billion during 2021.

That number has only grown since, given that Germans used online shopping even more during the novel coronavirus epidemic. BSI estimates that 90% of individuals with internet access at least occasionally shop online, typically from a smartphone.

For a study published Monday, BSI officials examined 10 e-commerce checkout platforms including Magento, Zen Cart and PrestaShop.

German officials say all 10 platforms shared the low-level vulnerability of potentially transmitting sensitive information from form fields to third parties through the use of autocomplete. Nine in 10 didn't require users to use strong passwords - a vulnerability BSI classified as medium risk.

An unidentified number of platforms used software that had passed its end-of-life date, meaning that new bugs don't receive official patches. Researchers found one site that was vulnerable to cross-site request forgery and three that were at risk of cross-site scripting.

In a survey BSI conducted, about one-quarter of respondents reported "negative experiences with regard to data security" while shopping online.

BSI assesses that Germany's cyberspace is experiencing mounting levels of cybercrime. The agency's temporary head, Gerhard Schabhüser, used the study results to urge e-commerce platforms to improve their security. "Software manufacturers must carry out regular vulnerability analysis during the product development phase itself," he said.

About the Author

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.
