source: https://www.securityfocus.com/bid/8722/info

A-Cart has been reported prone to a cross-site scripting vulnerability. The issue is likely due to insufficient sanitization of data contained in the 'msg' URI parameter that is passed to signin.asp.

An attacker could exploit this condition to render arbitrary HTML in the browser of a victim, stealing cookie-based authentication credentials or performing other nefarious acts.

http://www.example.com/acartpath/signin.asp?msg=<script>alert('Zone-h')</script>
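
A defensive sketch of the two checks the advisory implies, added here and not part of the original advisory or of A-Cart's code: flag logged requests to signin.asp whose decoded 'msg' value contains markup, and show the HTML-encoded form the page should emit instead. The sample request targets are constructed from the advisory's example URL, and all function names are hypothetical.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample request targets (not real traffic), based on the
# example URL in the advisory.
SAMPLE_REQUESTS = [
    "/acartpath/signin.asp?msg=Invalid+login",
    "/acartpath/signin.asp?msg=<script>alert('Zone-h')</script>",
    "/acartpath/signin.asp?msg=%3Cscript%3Ealert('Zone-h')%3C%2Fscript%3E",
    "/acartpath/default.asp?msg=%3Cb%3E",  # different page, out of scope
]

# A status message has no reason to carry angle brackets.
MARKUP = re.compile(r"[<>]")


def msg_values(request_target):
    """Return the URL-decoded 'msg' values for requests to signin.asp."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/signin.asp"):
        return []
    # parse_qs percent-decodes once, as the web server would.
    params = parse_qs(parts.query, keep_blank_values=True)
    return params.get("msg", [])


def is_suspicious(request_target):
    """True when a signin.asp 'msg' value contains HTML markup characters."""
    return any(MARKUP.search(v) for v in msg_values(request_target))


def render_msg(value):
    """Output encoding: the value made inert for an HTML context."""
    return html.escape(value, quote=True)


def scan(requests):
    """Return (target, encoded msg values) for each flagged request."""
    return [(t, [render_msg(v) for v in msg_values(t)])
            for t in requests if is_suspicious(t)]


if __name__ == "__main__":
    for target, encoded in scan(SAMPLE_REQUESTS):
        print("FLAG", target, "->", encoded)
```

In classic ASP the same output encoding is `Server.HTMLEncode`, applied to the 'msg' value before it is written to the response.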