Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp.
marc.info/?l=bugtraq&m=111352017704126&w=2
secunia.com/advisories/14969
securitytracker.com/id?1013720
www.oneworldstore.com/support_security_issue_updates.asp#April_15_2005_DCrab
www.osvdb.org/15521
www.osvdb.org/15522
www.osvdb.org/15523
www.securityfocus.com/bid/13184
www.securityfocus.com/bid/13185
www.securityfocus.com/bid/13186
exchange.xforce.ibmcloud.com/vulnerabilities/20096