VULHUB ™

A vulnerability exists in the software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data in the 'shoperror.asp' script. An attacker can exploit this issue to steal cookie authentication credentials, or perform other types of attacks. VP-ASP versions 5.0 and prior may be prone to this issue. It is possible that a vendor-supplied fix addresses this issue, however, this has not been confirmed at the moment.

A vulnerability exists in the software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data in the 'shoperror.asp' script. An attacker can exploit this issue to steal cookie authentication credentials, or perform other types of attacks. VP-ASP versions 5.0 and prior may be prone to this issue. It is possible that a vendor-supplied fix addresses this issue, however, this has not been confirmed at the moment.