e-Courier CMS Tracking xss

🗓️ 03 Nov 2009 00:00:00Reported by BugsNotHugsType

zdt🔗 0day.today👁 24 Views

e-Courier CMS Tracking xss vulnerability in UserGUID paramete

==========================
e-Courier CMS Tracking xss
==========================

Vendor: e-Courier (http://www.ecouriersoftware.com/)
Product: CMS Tracking Site Issue: Cross-Site Scripting.
Description: Nearly all pages include the URI Parameter UserGUID,
which is not sanitized before being included in the response.
 
Example:
https://demo.e-courier.com/demo/home/index.asp?UserGUID="><script>alert(document.cookie)</script>
 
-- 
 
BugsNotHugs
Shared Vulnerability Disclosure Account


 
_______________________________________________

#  0day.today [2018-02-17]  #

03 Nov 2009 00:00Current

7.1High risk

Vulners AI Score7.1

e-courier e-courier-site-issue cross-site-scripting vendor cms-tracking-website-uri-parameter userguid sanitization-flaw bugsnothugs shared-vulnerability-disclosure 0day.today-exploit