SunShop Shopping Cart 1.5/2.x - User-Embedded Scripting

Author: ppp-design
type: webapps
platform: php
port: 
date_added: 2002-04-13  
date_updated: 2012-09-19  
verified: 1  
codes: CVE-2002-0553;OSVDB-5235  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 21377.txt  

source: https://www.securityfocus.com/bid/4506/info

SunShop is commercial web store software. It is written in PHP, and will run on most Unix and Linux operating systems as well as Microsoft Windows.

SunShop allows attackers to embed arbitrary script code into form fields. This may enable a remote attacker to perform actions as the administrative user of the shopping cart.

Enter the following name when registering as a new customer:

blackhat<script>alert('ouch')</script>