OSCommerce Checkout_Payment.PHP Error Output Cross-Site Scripting Vulnerability

info
discussion
exploit
solution
references

OSCommerce Checkout_Payment.PHP Error Output Cross-Site Scripting Vulnerability

Error output is not sufficiently sanitized of HTML and script code by osCommerce. This may allow for cross-site scripting attacks as remote users could create a malicious link to a site hosting osCommerce which contains hostile HTML and script code. When a such a link is visited, attacker-supplied code could be interpreted in the web client of the user.