10 lines
No EOL
856 B
Text
10 lines
No EOL
856 B
Text
source: http://www.securityfocus.com/bid/46250/info
|
|
|
|
WebAsyst Shop-Script is prone to a cross-site-scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
|
|
|
|
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
|
|
|
|
|
|
http://www.example.com/html/scripts/index.php?>[xss]
|
|
|
|
http://www.example.com/SC/html/scripts/index.php?did=22&login=1">[xss]&first_name=2"><script>alert(document.cookie)</script>&custgroupID=0&email=&last_name=&ActState=-1&search=%D0%9D%D0%B0%D0%B9%D1%82%D0%B8&charset=cp1251&count_to_export= |