Summary
The remote host is running J-Shop, an e-Commerce suite written in PHP.
The remote version of this software is vulnerable to a cross-site scripting attack.
An attacker can exploit it by supplying crafted values in the parameters passed to help.php and/or search.php.
This abuses the trust between a client and the server, allowing the malicious user to execute malicious JavaScript in the client's browser.
Solution
Upgrade to the latest version of this software.
Severity
Classification
- CVE: CVE-2004-2084
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Apache Tomcat Directory Listing and File disclosure
- Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
- AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities