Bugtraq mailing list archives
[HSC Security Group] XSS in CartWiz
From: zinho () hackerscenter com
Date: 26 Jul 2005 15:29:41 -0000
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory

Desc: XSS in CartWIZ
Risk: Medium (Cookie stealing)

store/viewCart.asp?message=%3Cplaintext%3E allows anyone to retrieve the cookie and take control over the account.

I noticed there are also some unchecked inputs when a user logs in to his account and changes his own personal data. This could lead to a permanent XSS hole much more dangerous than the above.
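An added example, not part of the original advisory and not CartWIZ code: a Python model of a page that echoes the `message` parameter, once as reported and once with output encoding, plus a regression check a maintainer could run against either. The host name, the `notice` markup and all function names are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed URL: the path and probe value are from the advisory,
# the host name is a placeholder.
PROBE_URL = "http://shop.example/store/viewCart.asp?message=%3Cplaintext%3E"


def get_message(url):
    """Return the decoded 'message' query parameter as the page would receive it."""
    return parse_qs(urlsplit(url).query).get("message", [""])[0]


def render_vulnerable(message):
    # Models the reported behaviour: the parameter is written into the page as-is,
    # so any markup in it is parsed by the browser.
    return '<div class="notice">' + message + "</div>"


def render_hardened(message):
    # HTML-encode at the point of output. quote=True also encodes quotes,
    # which matters if the value is ever placed inside an attribute.
    return '<div class="notice">' + html.escape(message, quote=True) + "</div>"


def reflects_markup(body, probe):
    """Heuristic check: True if `probe` contains HTML metacharacters and comes
    back in `body` unencoded. The probe must not occur in the page template."""
    has_meta = any(c in probe for c in "<>\"'")
    return has_meta and probe in body


def audit(render, url=PROBE_URL):
    """Render the page for the probe URL and report whether markup is reflected."""
    probe = get_message(url)
    return reflects_markup(render(probe), probe)


if __name__ == "__main__":
    for name, fn in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        print(f"{name}: reflected markup = {audit(fn)}")
```

In classic ASP the corresponding encoding call is `Server.HTMLEncode`. The same encoding at output applies to stored values such as the personal data fields mentioned above.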