header-logo
Suggest Exploit
vendor:
Shopzilla Affiliate Script PHP
by:
Unknown
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: Shopzilla Affiliate Script PHP
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: No
Related CWE: Not specified
CPE: Not specified
Metasploit:
Other Scripts:
Platforms Tested: Not specified
Unknown

Cross-Site Scripting Vulnerability in Shopzilla Affiliate Script PHP

The Shopzilla Affiliate Script PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of arbitrary script code. Additionally, web application firewalls and secure coding practices should be employed.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/40246/info

Shopzilla Affiliate Script PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 

http://www.example.com/search.php?s=%3Cscript%3Ealert(/XSS/)%3C/script%3E

Navigation

Suggest Exploit

Services By CQR