Vendor: Happymall E-Commerce
By: SecurityFocus
CVSS: 4.3 (MEDIUM)
CWE: 79 (Cross-Site Scripting)
Product Name: Happymall E-Commerce
Affected Version From: Happymall E-Commerce
Affected Version To: Happymall E-Commerce
Patch Exists: YES
Related CWE: CVE-2002-1490
CPE: a:happymall:happymall_e-commerce
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

Happymall E-Commerce Cross-Site Scripting Vulnerability

Happymall E-Commerce is prone to cross-site scripting attacks due to insufficient sanitization of user-supplied URI parameters. An attacker can execute arbitrary script code within the browser of a legitimate user visiting the site by crafting a malicious URL.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7557/info

It has been reported that Happymall E-Commerce is prone to cross-site scripting attacks. The problem occurs due to insufficient sanitization of user-supplied URI parameters. As a result, it may be possible for an attacker to execute arbitrary script code within the browser of a legitimate user visiting the site.

http://www.target.com/shop/normal_html.cgi?file=<script>alert("XSS")</script>