Lucene search

K

CartWIZ 1.10 - 'login.asp' Message Argument Cross-Site Scripting

๐Ÿ—“๏ธย 23 Apr 2005ย 00:00:00Reported byย DcrabTypeย 
exploitdb
ย exploitdb
๐Ÿ”—ย www.exploit-db.com๐Ÿ‘ย 16ย Views

Show more
Code
source: https://www.securityfocus.com/bid/13341/info

CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

http://www.example.com/store/login.asp?message='"><script>alert(document.cookie)</script>&redirect= 

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
23 Apr 2005 00:00Current
7.4High risk
Vulners AI Score7.4
16
.json
Report