[] NeoSense
E X P L O I T S
title author type platform port cve id

Alan Ward A-Cart 2.0 - MSG Cross-Site Scripting

Author: G00db0y
type: webapps
platform: asp
port: 
date_added: 2003-09-29 
date_updated: 2012-12-06 
verified: 1 
codes: OSVDB-2617 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/8722/info

A-Cart has been reported prone to a cross-site scripting vulnerability. The issue presents itself likely due to a lack of sufficient sanitization performed on data contained in the 'msg' URI parameter that is passed to signin.asp.

An attacker could exploit this condition to render arbitrary HTML in the browser of a victim, stealing cookie authentication credentials or performing other nefarious acts.

http://www.example.com/acartpath/signin.asp?msg=<script>alert('Zone-h')</script>
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.