Vulnerabilities > CVE-2004-2084 - Cross-Site Scripting vulnerability in JShop E-Commerce Suite xSearch

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

jshop-e-commerce

exploit available

NVD

Published: 2004-02-07

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter.

Vulnerable Configurations

Part	Description	Count
Application	Jshop_E-Commerce Jshop E Commerce Jshop Professional 3.0 Jshop E Commerce Jshop Professional 3.1 Jshop E Commerce Jshop Professional 3.2 Jshop E Commerce Jshop Professional 3.3 Jshop E Commerce Jshop Professional 3.4 Jshop E Commerce Jshop Server 1.0.1 Jshop E Commerce Jshop Server 1.0.2 Jshop E Commerce Jshop Server 1.0.3 Jshop E Commerce Jshop Server 1.0.4 Jshop E Commerce Jshop Server 1.1.0 Jshop E Commerce Jshop Server 1.2.0	11

Exploit-Db

description	JShop E-Commerce Suite xSearch Cross-Site Scripting Vulnerability. CVE-2004-2084. Webapps exploit for php platform
id	EDB-ID:23666
last seen	2016-02-02
modified	2004-02-09
published	2004-02-09
reporter	David Sopas Ferreira
source	https://www.exploit-db.com/download/23666/
title	JShop E-Commerce Suite xSearch Cross-Site Scripting Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References