CVE-2009-3598 – eCardMAX FormXP - 'survey_result.php' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2009-3598

Cross-site scripting (XSS) vulnerability in survey_result.php in eCardMAX FormXP 2007 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en survey_result.php en eCardMAX FormXP 2007 permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través del parámetro sid. • https://www.exploit-db.com/exploits/34871 http://osvdb.org/55859 http://packetstormsecurity.org/0907-exploits/formxp-xss.txt http://secunia.com/advisories/35836 https://exchange.xforce.ibmcloud.com/vulnerabilities/51723 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •