CVE-2022-35493
Published 2022-08-08
Priority P4 · 32 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.42% (69.5th percentile)
A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the get_products?search parameter.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wrteam | eshop_ecommerce_store_website | <= 3.0.4 | — |
No detection rules found.
Nuclei
eShop 3.0.4 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2022-35493 [MEDIUM] eShop 3.0.4 - Cross-Site Scripting
eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in.
Template:
```yaml
id: CVE-2022-35493

info:
  name: eShop 3.0.4 - Cross-Site Scripting
  author: arafatansari
  severity: medium
  description: |
    eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the website.
  remediation: |
    To remediate this issue, the application should implement proper input validation and sanitization techniques to prevent the execution of malicious scrip
```