https://www.exploit-db.com/exploits/21961
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-610

MyMarket1.71版本的form_header.php存在跨站脚本（XSS）漏洞。远程攻击者可以借助noticemsg参数注入任意web脚本或HTML。

source: http://www.securityfocus.com/bid/6035/info

MyMarket is prone to cross-site scripting attacks.

HTML tags and script code are not sanitized from CGI variables which may cause user-supplied input to be displayed. As a result, an attacker can create a link to a site running the vulnerable software which contains malicious attacker-supplied HTML and script code.

When this link is visited, the attacker-supplied code will execute in the user's web client in the security context of the site hosting the software. 

http://www.example.com/templates/form_header.php?noticemsg=<Script>javascript:alert(document.cookie)</Script>

来源:BID
名称:6035
链接:http://www.securityfocus.com/bid/6035
来源:XF
名称:mymarket-formheader-xss(10470)
链接:http://www.iss.net/security_center/static/10470.php