VP-ASP Shopping Cart Multiple Vulnerabilities

Release Date:
June 14, 2004

Severity:
High

Vendor:
Virtual Programming

Software:
VP-ASP Shopping Cart Version 5.x

Remote:
Remotely executable

Vulnerabilities:
Cross Site Scripting
SQL Injection

Technical Details:
Cross Site Scripting Vulnerability was originally found Dec 05, 2003.
http://archives.neohapsis.com/archives/bugtraq/2003-12/0080.html 
Vendor Fix for this was to write a subroutine that validated for