Published: 08/08/2022 Updated: 12/08/2022

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 0

A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote malicious users to inject arbitrary web script or HTML via the get_products?search parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wrteam eshop - ecommerce \\/ store website

Exploit Title: eShop - Multipurpose Ecommerce / Store Website 304 - Cross Site Scripting (XSS) CVE: CVE-2022-35493 Exploit Author: Keyvan Hardani Date: 18/11/2021 Update: 01062022 Vendor Homepage: wrteamin/ Version: up to 304 Tested on: Kali Linux - Windows 10 Vulnerability fields: ============= ``` <span class="select2-selection__rendered" id=

CWE-79 https://github.com/Keyvanhardani/Exploit-eShop-Multipurpose-Ecommerce-Store-Website-3.0.4-Cross-Site-Scripting-XSS/blob/main/README.md https://nvd.nist.gov https://github.com/Keyvanhardani/Exploit-eShop-Multipurpose-Ecommerce-Store-Website-3.0.4-Cross-Site-Scripting-XSS

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-35493

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect