vendor:
Happymall E-Commerce
by:
SecurityFocus
4.3
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: Happymall E-Commerce
Affected Version From: Happymall E-Commerce
Affected Version To: Happymall E-Commerce
Patch Exists: YES
Related CWE: CVE-2002-1490
CPE: a:happymall:happymall_e-commerce
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002
Happymall E-Commerce Cross-Site Scripting Vulnerability
Happymall E-Commerce is prone to cross-site scripting attacks due to insufficient sanitization of user-supplied URI parameters. An attacker can execute arbitrary script code within the browser of a legitimate user visiting the site by crafting a malicious URL.
Mitigation:
Input validation should be used to ensure that user-supplied data is properly sanitized.
