source: https://www.securityfocus.com/bid/10534/info A vulnerability exists in the software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data in the 'shoperror.asp' script. An attacker can exploit this issue to steal cookie authentication credentials, or perform other types of attacks. VP-ASP versions 5.0 and prior may be prone to this issue. It is possible that a vendor-supplied fix addresses this issue, however, this has not been confirmed at the moment. http://www.example.com/vpasp/shoperror.asp?msg= http://www.example.com/vpasp/shoperror.asp?msg=