PT-2004-3591 · Aspdotnetstorefront · Aspdotnetstorefront

Published: 2004-12-31 · Updated: 2017-07-29 · CVE-2004-2701

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: AspDotNetStorefront version 3.3

Description: A cross-site scripting issue exists due to insufficient validation of user input. The returnurl parameter in the signin.aspx page is vulnerable, allowing remote attackers to inject arbitrary web script or HTML.

Recommendations: For version 3.3, ensure proper validation and sanitization of the returnurl parameter in the signin.aspx page to prevent injection of malicious scripts. As a temporary workaround, consider restricting access to the signin.aspx page until a proper fix is applied.
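
One way to apply the recommendation above, as an added example that is not AspDotNetStorefront code: a C# helper that accepts only site-local returnurl values and HTML-encodes the result at the point where it is written into the page. The names ReturnUrlGuard, Normalize and ForHtml and the fallback path /default.aspx are assumptions.

```csharp
using System;
using System.Net;

// Added example: hypothetical helper, not the vendor's code.
static class ReturnUrlGuard
{
    // Accept only a site-local path such as "/cart.aspx?id=1"; anything else
    // is replaced by the fallback (assumed landing page).
    public static string Normalize(string raw, string fallback = "/default.aspx")
    {
        if (string.IsNullOrEmpty(raw) || raw.Length > 2048) return fallback;

        // Must be rooted at this site. "//host" and "/\host" are rejected
        // because browsers resolve them against another host.
        if (raw[0] != '/') return fallback;
        if (raw.Length > 1 && (raw[1] == '/' || raw[1] == '\\')) return fallback;

        // Control characters (CR, LF, NUL, ...) have no place in a redirect target.
        foreach (char c in raw)
            if (char.IsControl(c)) return fallback;

        return raw;
    }

    // Validation alone is not enough: a local path can still carry markup in
    // its query string, so encode whenever the value is echoed into HTML.
    public static string ForHtml(string raw)
    {
        return WebUtility.HtmlEncode(Normalize(raw));
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample values for the returnurl query parameter.
        string[] samples =
        {
            "/account.aspx",
            "//other.example/path",
            "javascript:void(0)",
            "/account.aspx?x=\"><b>injected</b>",
        };
        foreach (string s in samples)
            Console.WriteLine("{0,-40} -> {1}", s, ReturnUrlGuard.ForHtml(s));
    }
}
```

The last sample passes the local-path check and is only made inert by the encoding step, which is why both controls are applied.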

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2004-2701

Affected products

Aspdotnetstorefront