vendor:
VP-ASP
by:
Not provided
7.5
CVSS
HIGH
Cross-Site Scripting (XSS)
79
CWE
Product Name: VP-ASP
Affected Version From: VP-ASP versions 5.0 and prior
Affected Version To: Not provided
Patch Exists: Unknown (vendor-supplied fix not confirmed)
Related CWE: Not provided
CPE: Not provided
Platforms Tested: Not provided
Not provided
Cross-Site Scripting Vulnerability in VP-ASP
A remote user can launch cross-site scripting attacks by injecting malicious code through the 'msg' parameter in the 'shoperror.asp' script.
Mitigation:
Implement proper input validation and sanitization to prevent XSS attacks. Apply any vendor-supplied fix if available.