Vulnerability Database

320,343

Total vulnerabilities in the database

CVE-2020-37003

Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that can hijack user sessions and manipulate application modules.

Published: Jan 30, 2026
Updated: Jan 31, 2026
CVE: CVE-2020-37003
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.4
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

No affected software listed.

https://www.exploit-db.com/exploits/48467
https://www.sellacious.com
https://www.sellacious.com/free-open-source-ecommerce-software
https://www.vulncheck.com/advisories/sellacious-ecommerce-persistent-cross-site-scripting
https://www.vulnerability-lab.com/get_content.php?id=2226

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo