Cross-Site Scripting Vulnerability in JShop E-Commerce Server
CVE-2004-2084

Currently unrated

Key Information:

Vendor: Jshop E-commerce
Status: Jshop Server; Jshop Professional
Vendor: CVE Published:; 7 February 2004

🔔 Create Jshop E-commerce Vulnerability Alert

What is CVE-2004-2084?

A cross-site scripting (XSS) vulnerability exists in the search.php component of JShop E-Commerce Server. This flaw allows remote attackers to inject arbitrary web scripts or HTML into the application via the xSearch parameter. If successfully exploited, this can lead to unauthorized actions being taken on behalf of the user, potentially compromising sensitive data or session tokens.

References

http://www.osvdb.org/3889

vdb-entryx_refsource_OSVDB

http://www.systemsecure.org/advisories/ssadvisory09022004...

x_refsource_MISC

http://secunia.com/advisories/10825

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
May 19, 2005
Vulnerability published
Feb 7, 2004

CVE-2004-2084 Data

JSON