[HSC Security Group] XSS in CartWiz
Date: 26 Jul 2005 15:29:41 -0000 To: firstname.lastname@example.org('binary' encoding is not supported, stored as-is) Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory
Desc: XSS in CartWIZ
Risk: Medium (Cookie stealing)
allows anyone to retrieve cookie and take control over the account.
I noticed there are also some unchecked input when a user log in into his account and change his own personal data.
This could lead to a permanent xss hole much more dangerous than the above.