CVE-2004-1797
Description
FreznoShop 1.3.0 RC1 and earlier is vulnerable to XSS via the search parameter, allowing script injection and potential cookie theft.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
FreznoShop versions 1.3.0 RC1 and earlier contain a cross-site scripting (XSS) vulnerability in the search.php script. This flaw allows remote attackers to inject arbitrary web script or HTML code by manipulating the search parameter [1].
Exploitation
An attacker can craft a malicious link that includes arbitrary HTML and script code within the search parameter of the search.php script. If a victim user clicks on this link, the attacker-supplied code will be executed within the security context of the website hosting FreznoShop [1].
Impact
Successful exploitation of this vulnerability can lead to the theft of cookie-based authentication credentials. Other malicious actions are also possible, depending on the injected script [1].
Mitigation
FreznoShop versions 1.3.0 RC1 and earlier are affected. No specific patched version or release date is available in the provided references. It is recommended to upgrade to a non-vulnerable version once available. Information regarding workarounds or if the software is end-of-life (EOL) is not disclosed in the available references [1].
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=1.3.0 RC1
Patches
No patches discovered yet.
References
- secunia.com/advisories/10547 (nvd, Exploit, Patch)
- securitytracker.com/id (nvd, Exploit, Patch)
- www.securityfocus.com/bid/9359 (nvd, Exploit)
- www.freznoshop.com/changelog_en.htm (nvd)
- www.osvdb.org/3335 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/14147 (nvd)