SecurityvulnsSECURITYVULNS:DOC:24721PowerStore™ 3 XSS vuln.
###############################################
Vuln. discovered by : r0t
Date: 09 September 2010
vendor:http://www.webassist.com/php-scripts-and-solutions/powerstore/
orginal advisory:http://pridels-team.blogspot.com/2010/09/powerstore-3-xss-vuln.html
affected versions:PowerStore™ 3 and other
versions also can be affected.
###############################################
PowerStore™ 3 contains a flaw that allows a remote Cross-Site
Scripting attacks.Input passed to the "totalRows_WADAProducts"
parameter in "Products_Results.php" isn't properly sanitised before
being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.
##############################################
Solution:
Filter malicious characters and character sequences in a web proxy.
###############################################