Cross Site Scripting in Sanitization Management System
Description: A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Remarks or Address fields of the Request Quote form. The XSS is triggered as soon as a logged-in staff or admin user opens the quote. Because the cookie is set without the HttpOnly flag, this could be used to steal the cookies of logged-in users.
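The two defensive measures this description points to are encoding the stored Remarks and Address values on output and checking that cookies carry HttpOnly. The sketch below is an added example, not the application's own code: it is written in Python for illustration, and the field keys, sample values and cookie names are constructed.

```python
import html
from http.cookies import SimpleCookie

# Constructed quote request: free-text fields containing markup, as an
# untrusted submitter could send them. Not taken from the application.
SAMPLE_QUOTE = {
    "address": '12 Main St"><script>alert(1)</script>',
    "remarks": "<img src=x onerror=alert(1)>",
}


def render_quote_unsafe(quote):
    """The flawed pattern: stored field values are concatenated into HTML."""
    return "<td>{address}</td><td>{remarks}</td>".format(**quote)


def render_quote_safe(quote):
    """Encode every stored value for the HTML context before output."""
    cells = (html.escape(quote[k], quote=True) for k in ("address", "remarks"))
    return "".join("<td>{}</td>".format(c) for c in cells)


def cookies_missing_httponly(set_cookie_values):
    """Return names of cookies whose Set-Cookie header lacks HttpOnly."""
    missing = []
    for value in set_cookie_values:
        jar = SimpleCookie()
        jar.load(value)
        for name, morsel in jar.items():
            # morsel["httponly"] is True when the flag is present, "" otherwise.
            if not morsel["httponly"]:
                missing.append(name)
    return missing


if __name__ == "__main__":
    print(render_quote_unsafe(SAMPLE_QUOTE))
    print(render_quote_safe(SAMPLE_QUOTE))
    # Constructed Set-Cookie values; the cookie names are placeholders.
    print(cookies_missing_httponly(
        ["sess_a=abc; Path=/", "sess_b=abc; Path=/; HttpOnly"]))
```

With encoding applied, the staff or admin view displays the submitted text literally instead of interpreting it as markup. HttpOnly keeps page scripts from reading the cookie but does not remove the XSS itself, so both measures are needed.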