Subject: XSS vuln in Googlestore
GoogleStore contains a flaw that allows a remote cross-site scripting
attack. This flaw exists because input passed to the "code" parameter in
"CA/popups/view.asp" isn't properly sanitised before being returned to
the user.
This could allow a user to create a specially crafted URL that would
execute arbitrary code in a user's browser within the trust relationship
between the browser and the server, leading to a loss of integrity.
Example:
http://www.googlestore.com/CA/popups/view.asp?code=[XSS]
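The fix for the flaw described above, as an added example that is not GoogleStore's code: validate the "code" parameter against an allow-list and HTML-encode it wherever it is written back to the page. The product-code format, the function names and the page markup are assumptions made for illustration.

```javascript
// Added example: hypothetical handler logic, not taken from the affected site.

// Assumed format for a product code (the advisory does not specify one).
const CODE_PATTERN = /^[A-Za-z0-9_-]{1,32}$/;

const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode the five characters that can break out of HTML text
// or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Allow-list validation: accept only what a product code can look like.
function isValidCode(value) {
  return typeof value === 'string' && CODE_PATTERN.test(value);
}

// Build the popup body from a raw query string such as "code=ABC-123".
// Returns { status, body }; the parameter is never echoed unencoded,
// including on the error path.
function renderView(queryString) {
  const code = new URLSearchParams(queryString).get('code');
  if (!isValidCode(code)) {
    // Truncate first, then encode, so no entity is cut in half.
    const shown = escapeHtml(code === null ? '' : code.slice(0, 32));
    return { status: 400, body: `<p>Unknown product code: ${shown}</p>` };
  }
  return { status: 200, body: `<p>Product ${escapeHtml(code)}</p>` };
}
```

Validation alone is not enough if a rejected value is still shown in an error message, which is why both paths go through escapeHtml.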