Description
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter.
Affected products
- alstrasoft / epay2.0 – 2.0
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/14802
- MAILING_LISThttp://marc.info/?l=bugtraq&m=111247198021626&w=2
- MISChttp://www.securityfocus.com/bid/12974