Title: Comersus v6 Shopping Cart Sever Script injection
Risk: High

Comersus is one of the most used Shopping Cart software written in asp, available for *nix and windows platforms.

A critical script injection can lead to admin privileges stealing:

Proof of concept: By registering on the site with username:
" Tommy <script>alert(document.cookie)</script> "

the script will be executed in all the pages in which Tommy's account is listed. Among the other also in the admin pages.
Being comersus a shopping cart script, this is reported as a high risk level issue

Author:
Zinho