Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote attackers to inject arbitrary web script or HTML via the id parameter.Referenceshttp://www.hackerscenter.com/Archive/view.asp?id=1774http://marc.info/?l=bugtraq&m=111221890614271&w=2http://www.securityfocus.com/bid/12904http://securitytracker.com/id?1013563http://secunia.com/advisories/14711http://www.osvdb.org/15059
