Comersus BackOffice Plus Multiple Cross-Site Scripting Vulnerabilities

No exploit is required.

The following proof of concept URI is available:
http://www.example.com/backOfficePlus/comersus_backoffice_searchItemForm.asp?forwardTo1=[XSS-CODE]comersus_backoffice_listAssignedCategories.asp&forwardTo2=[XSS-CODE]&nameFT1=[XSS-CODE]Select&nameFT2=[XSS-CODE]


 

Privacy Statement
Copyright 2010, SecurityFocus