JShop E-Commerce Suite 1.2 Product.PHP Cross-Site Scripting Vulnerability

2005-01-31T00:00:00
ID EDB-ID:25073
Type exploitdb
Reporter SmOk3
Modified 2005-01-31T00:00:00

Description

JShop E-Commerce Suite 1.2 Product.PHP Cross-Site Scripting Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/12403/info

JShop E-Commerce Suite is affected by a cross-site scripting vulnerability in the 'product.php' script.

As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

product.php?xSec=1&xProd=7"><script>alert(document.domain);</script>

product.php?xSec=1"><script>alert(document.domain);</script>&xProd=7