ProductCart XSS Vulnerability

Full Version: ProductCart XSS Vulnerability

GovernmentSecurity.org > General GSO > Exploit & Vulnerability Mailing List Archives

GSecur

Jul 9 2003, 05:30 PM

##################### # ProductCart XSS # # Vulnerability # # found by atomix # ##################### i came across the fact that in an area of ProductCart you are able to manipulate the error message, therefore allowing tags such as <script> and <iframe> to be used: http://www.website.com/ProductCart/pc/msg....script>alert (document.cookie);</script> http://www.website.com/ProductCart/pc/msg....C:\"% 20width=400%20height=400></iframe> -atomix | atom b0mbs

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.