TalentSoft Web+ Shop Deptname Parameter Cross-Site Scripting Vulnerability

info
discussion
exploit
solution
references

TalentSoft Web+ Shop Deptname Parameter Cross-Site Scripting Vulnerability

This issue can be exploited through a web client.

The following proof-of-concept URI is available:

http://www.example.com/cgi-bin/webplus.exe?script=/webpshop/department.wml&deptid=3&deptname=[XSS]