Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_customerAuthenticateForm.asp, (2) comersus_backoffice_message.asp, (3) comersus_supportError.asp, or (4) comersus_message.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter. This vulnerability is addressed in the following product update:
Comersus Open Technologies, Comersus Cart, 5.098
Publication date: Fri, 06 Aug 2004 09:00:00 +0000