Cross Site Scripting in E-Commerce Server

Reported January 24, 2004 by Rafel Ivgi.


  • E-Commerce ASP Engine

DESCRIPTION E-Commerce ASP Engine is vulnerable to cross-site scripting. By crafting a specially formed URL, an attacker can cause code of his or her choice to run on the user's local system. The vulnerability can lead to manipulated Web content, stolen cookie data, or arbitrary actions under the context of the user's Web session.

VENDOR RESPONSE is aware of the problem.


Discovered by Rafel Ivgi.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.