Exploitation Summary
EIP tracks 1 public exploit for CVE-2003-0523. PoCs published by atomix.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in ProductCart due to insufficient sanitization of user-supplied input in the 'message' parameter. The PoC includes URLs that inject JavaScript to steal cookies and an iframe to potentially trigger local file access.
Description
Cross-site scripting (XSS) vulnerability in msg.asp for certain versions of ProductCart allow remote attackers to execute arbitrary web script via the message parameter.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in ProductCart due to insufficient sanitization of user-supplied input in the 'message' parameter. The PoC includes URLs that inject JavaScript to steal cookies and an iframe to potentially trigger local file access.