A persistent input validation web vulnerability has been discovered in the official Sellacious eCommerce Shop CMS (2020 Q1). The vulnerability allows remote attackers to inject own malicious script codes with persistent attack vector to compromise browser to web-application requests from the application-side. The cross site web vulnerabilities are located in the all the adress input fields of the 'Manage Your Addresses' module. Remote attackers are able to register a low privilege user account to inject own malicious script code to the adress information page. The execution of the script code occurs each time the adress information is used in the web ui of the ecommerce application. The request method to inject is POST and the attack vector is persistent on the application-side. Successful exploitation of the vulnerabilities results in session hijacking, persistent phishing attacks, persistent external redirects to malicious source and persistent manipulation of affected application modules.