[VIM] Vendor ACK for Quick.cart XSS (CAN-2005-1587)

Steven M. Christey coley at mitre.org
Thu Jul 7 14:30:52 EDT 2005

While wandering the Quick.Cart site looking for a way to download
without registering, just to try to figure out what lostmon got when
he claimed the SQL injection vuln, I ran across this:

Quick.Cart v0.3.1 beta - please test it
  2005-07-06 18:30:30

   security changes:
   -- sWord variable used to find products is now parsed by htmlspecialchars( ) function
   -- checking order status in order print window

- Steve

