AShop Deluxe And AShop Administration Panel Multiple Cross-Site Scripting Vulnerabilities

AShop Deluxe And AShop Administration Panel Multiple Cross-Site Scripting Vulnerabilities

An attacker can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.

The following proof-of-concept URIs are available:

http://www.example.com/ashop/catalogue.php?cat=[XSS]
http://www.example.com/ashop/catalogue.php?exp=[XSS]
http://www.example.com/ashop/basket.php?cat=[XSS]
http://www.example.com/ashop/search.php?searchstring=[XSS]
http://www.example.com/ashop/shipping.php?action=checkout=[XSS]
http://www.example.com/ashop/shipping.php?action=[XSS]
http://www.example.com/cart-path/admin/editcatalogue.php?cat=[XSS]
http://www.example.com/cart-path/admin/salesadmin.php?resultpage=[XSS]