Comersus Open Technologies Comersus 5.0 comersus_message.asp XSS

2004-07-07T00:00:00
ID EDB-ID:24261
Type exploitdb
Reporter Thomas Ryan
Modified 2004-07-07T00:00:00

Description

Comersus Open Technologies Comersus 5.0 comersus_message.asp XSS. CVE-2004-0681. Webapps exploit for asp platform

                                        
                                            source: http://www.securityfocus.com/bid/10674/info
 
Comersus Cart is reported prone to multiple vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting attacks and manipulate parameters to change the price of an order.
 
Comersus Cart version 5.09 is affected by these issues, however, other versions may be prone to these vulnerabilities as well.

http://www.example.com/comersus/backofficeLite/comersus_backoffice_message.asp?message=<script>alert("VULNERABLE_TO_XSS")</script>