ShopXS v4.0 XSS vuln.

Type securityvulns
Reporter Securityvulns
Modified 2006-04-11T00:00:00



Vuln. discovered by: r0t
Date: 10 April 2006
Vendor: MK Internet-Service GmbH
Vendor link:
Affected versions: ShopXS version 4.00 and previous
Original advisory:

Vuln. Description:

Input passed to the search module field parameter when performing a search isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Solution: Edit the source code to ensure that input is properly sanitised.
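
The fix amounts to encoding the search term for every output context it is echoed into. The sketch below is an added example, not ShopXS code and not part of the original advisory: it puts an unencoded renderer beside a hardened one and adds a regression check. Python is used only for illustration; the parameter name `q`, the `/search` path and the sample term are assumptions.

```python
import html
from urllib.parse import quote

# Constructed search term containing HTML metacharacters (harmless markup probe).
SAMPLE_TERM = '"><b>probe</b>&x=1'


def render_unsafe(term: str) -> str:
    """The flaw the advisory describes: the term is echoed back unencoded."""
    return (
        f'<form><input name="q" value="{term}"></form>\n'
        f"<p>Results for {term}</p>\n"
        f'<a href="/search?q={term}&page=2">next</a>'
    )


def render_safe(term: str) -> str:
    """Encode the term for each output context it lands in."""
    # Attribute value and element text: HTML-entity encode, quotes included.
    text = html.escape(term, quote=True)
    # Query-string component: percent-encode first, then HTML-encode the result.
    url = html.escape(quote(term, safe=""), quote=True)
    return (
        f'<form><input name="q" value="{text}"></form>\n'
        f"<p>Results for {text}</p>\n"
        f'<a href="/search?q={url}&amp;page=2">next</a>'
    )


def reflects_markup(page: str, term: str) -> bool:
    """Regression check: True if the raw term survives into the page."""
    return term in page


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        page = render(SAMPLE_TERM)
        print(render.__name__, "reflects raw input:", reflects_markup(page, SAMPLE_TERM))
```

A check like `reflects_markup` can be run against every page that echoes the search term, so that a later template change which drops the encoding is caught before release.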

Greetings to: der4444,xaPridel,cembo,g0df4th3r, waraxe,FrozenEye,str0ke,RaZbh,rst team,nst team, Minsk,:[PsiHOdelik]:,damrai,UFoloG,verified team, clanger,Hello_its_me,johnco,Txuri,The Cracker, mag2000,fredrau,owen and to all X-ACCESS team!

More information @