https://secure.hostony.com/pay/index.php?Pr...);%3C/script%3E
obviously, that file displays whatever is given to ProductTemplate_Name in the page.
see i could use
https://secure.hostony.com/pay/index.php?Pr...3E%3C/script%3E
then inside mysite.com/myscript.js, it has
CODE
document.write("<?php somePhpCommands; ?>")
then they could use php commands on your site, too.
would this present a security risk to hostony, or am I way off?