Reported January 24, 2004 by Rafel Ivgi.


  • E-Commerce ASP Engine

DESCRIPTION E-Commerce ASP Engine is vulnerable to cross-site scripting. By crafting a specially formed URL, an attacker can cause code of his or her choice to run on the user's local system. The vulnerability can lead to manipulated Web content, stolen cookie data, or arbitrary actions under the context of the user's Web session.

VENDOR RESPONSE is aware of the problem.


Discovered by Rafel Ivgi.