11 lines
No EOL
739 B
Text
11 lines
No EOL
739 B
Text
source: https://www.securityfocus.com/bid/10534/info
|
|
|
|
A vulnerability exists in the software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data in the 'shoperror.asp' script.
|
|
|
|
An attacker can exploit this issue to steal cookie authentication credentials, or perform other types of attacks.
|
|
|
|
VP-ASP versions 5.0 and prior may be prone to this issue. It is possible that a vendor-supplied fix addresses this issue, however, this has not been confirmed at the moment.
|
|
|
|
http://www.example.com/vpasp/shoperror.asp?msg=<img%20src="javascript:alert('XSS')">
|
|
http://www.example.com/vpasp/shoperror.asp?msg=<meta%20http-equiv='refresh'content=
|
|
'0'> |