Reported January 24, 2004 by Rafel Ivgi.

VERSIONS AFFECTED

  • NextPlace.com E-Commerce ASP Engine

DESCRIPTION

Nextplace.com E-Commerce ASP Engine is vulnerable to cross-site scripting. By crafting a specially formed URL, an attacker can cause code of his or her choice to run on the user's local system. The vulnerability can lead to manipulated Web content, stolen cookie data, or arbitrary actions under the context of the user's Web session.

VENDOR RESPONSE

Nextplace.com is aware of the problem.

CREDIT

Discovered by Rafel Ivgi.