Web+Shop department.wml deptname Variable XSS

2006-04-08T06:17:36
ID OSVDB:24511
Type osvdb
Reporter OSVDB
Modified 2006-04-08T06:17:36

Description

Manual Testing Notes

http://[target]/cgi-bin/webplus.exe?script=/webpshop/department.wml&deptid=3&deptname=[XSS]

References:

Vendor URL: http://www.talentsoft.com/products/webplusshop/index.en.wml Secunia Advisory ID:19594 Other Advisory URL: http://pridels.blogspot.com/2006/04/web-shop-50-xss.html FrSIRT Advisory: ADV-2006-1289 CVE-2006-1682 Bugtraq ID: 17418