https://www.exploit-db.com/exploits/23899
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-306

CactuShop5.x版本的popuplargeimage.asp存在跨站脚本（XSS）漏洞。远程攻击者借助strImageTag参数注入任意web脚本或者HTML。

source: http://www.securityfocus.com/bid/10020/info

Reportedly CactuShop is prone to a remote cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI input.

This issue could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks. 

http://www.example.com/popuplargeimage.asp?strImageTag=<script>alert(document.cookie)</script>

http://www.example.com/popuplargeimage.asp?strImageTag=<img+src="uploads/images_products_large/113.gif"%20onLoad="alert(document.cookie)">

来源:SECUNIA
名称:11272
链接:http://secunia.com/advisories/11272
来源:XF
名称:cactushop-popularlargeimageasp-xss(15687)
链接:http://xforce.iss.net/xforce/xfdb/15687
来源:BID
名称:10020
链接:http://www.securityfocus.com/bid/10020
来源:OSVDB
名称:4787
链接:http://www.osvdb.org/4787
来源:BUGTRAQ
名称:20040331CactuSoftCactuShopv5.xshoppingcartsoftwaremultiplesecurity
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108075059013762&w;=2
来源:FULLDISC
名称:2004031CactuSoftCactuShopv5.xshoppingcartsoftwaremultiplesecurityvulnerabilities
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/019566.html
来源:SECTRACK
名称:1009601
链接:http://securitytracker.com/id?1009601