ShopXS v4.0 XSS vuln.
Vuln. discovered by: r0t
Date: 10 April 2006
Vendor: MK Internet-Service GmbH
Vendor link: http://www.shopxs.de/
Affected versions: ShopXS-Version 4.00 and previous
Original advisory: http://pridels.blogspot.com/2006/04/shopxs-v40-xss-vuln_10.html
Input passed to the search module field parameter when performing a search isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Solution: Edit the source code to ensure that input is properly sanitised.
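An added example, not ShopXS code and not part of the original advisory, of what the fix above looks like for a search page that echoes the search term: the term is encoded for HTML where it is written into the response. The parameter name `term`, the function names and the page markup are assumptions, since the advisory does not show the vendor's source.

```python
import html
import re

# Hypothetical names throughout: the advisory does not show ShopXS's real
# parameter name or templates.
MAX_TERM_LEN = 100
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def normalise_term(raw: str) -> str:
    """Input handling: drop control characters, trim whitespace, cap length."""
    return _CONTROL_CHARS.sub("", raw).strip()[:MAX_TERM_LEN]


def render_results_vulnerable(raw_term: str) -> str:
    """The flaw class described: the term is returned to the user as-is."""
    return (
        f'<input name="term" value="{raw_term}">'
        f"<p>Results for: {raw_term}</p>"
    )


def render_results_fixed(raw_term: str) -> str:
    """Same page, with the term HTML-encoded at the point of output."""
    term = normalise_term(raw_term)
    # quote=True also encodes " and ', which is what keeps the value
    # inside the value="..." attribute as well as inside the <p> body.
    safe = html.escape(term, quote=True)
    return (
        f'<input name="term" value="{safe}">'
        f"<p>Results for: {safe}</p>"
    )


# Constructed sample input: closes the attribute and adds harmless markup.
SAMPLE = '"><b>injected</b>'

if __name__ == "__main__":
    print(render_results_vulnerable(SAMPLE))  # markup reaches the page
    print(render_results_fixed(SAMPLE))       # markup is shown as text
```

Encoding is applied at output rather than by stripping characters from the input, so a legitimate search containing `<` or `"` is still displayed as typed.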
Greetings to: der4444,xaPridel,cembo,g0df4th3r, waraxe,FrozenEye,str0ke,RaZbh,rst team,nst team, Minsk,:[PsiHOdelik]:,damrai,UFoloG,verified team, clanger,Hello_its_me,johnco,Txuri,The Cracker, mag2000,fredrau,owen and to all X-ACCESS team!
More information @ unsecured-systems.com/forum/