NextAge Cart Cross-Site Scripting multiple Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: NextAge Cart Cross-Site Scripting multiple Vulnerabilities
From: meto5757@xxxxxxxxxxx
Date: 15 Sep 2006 15:37:16 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Vulnerable:NextAge Cart Cross-Site Scripting Vulnerability.

Venedor site : http://www.nextagecart.com
Critical Level : Dangerous
Exploiting this issue could allow an attacker to steal cookie-based
authentication credentials and to launch other attacks.

Exploit :
http://www.example.com/[path]/index.php?main=category&sub=product&CatId=[xss]

http://www.example.com/[path]/index.php?SearchOpt=1&main=search&sub=index&SearchWd=[xss]

Prev by Date: Site@School 2.4.02 and below Multiple remote Command Execution Vulnerabilities
Next by Date: [ECHO_ADV_47$2006] WAP Y! Messenger Cross-Site Scripting Vulnerability
Previous by thread: Site@School 2.4.02 and below Multiple remote Command Execution Vulnerabilities
Next by thread: [ECHO_ADV_47$2006] WAP Y! Messenger Cross-Site Scripting Vulnerability
Index(es):
- Date
- Thread