CVE-2020-37003

MEDIUM

Sellacious eCommerce < 4.6 - Stored Cross-Site Scripting in Manage Your Addresses Module

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37003. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This exploit demonstrates a persistent cross-site scripting (XSS) vulnerability in Sellacious eCommerce 4.6. The vulnerability allows remote attackers to inject malicious script codes into address input fields, which execute when the address information is displayed.

Description

Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that can hijack user sessions and manipulate application modules.

Exploits (1)

exploitdb WORKING POC

by Vulnerability-Lab · textwebappsphp

https://www.exploit-db.com/exploits/48467

View Code ZIP pw:eip

This exploit demonstrates a persistent cross-site scripting (XSS) vulnerability in Sellacious eCommerce 4.6. The vulnerability allows remote attackers to inject malicious script codes into address input fields, which execute when the address information is displayed.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Sellacious eCommerce 4.6

Auth required

Prerequisites: User account with low privileges · Access to the 'Manage Your Addresses' module

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/48467

Various Sources product

https://www.sellacious.com

Various Sources product

https://www.sellacious.com/free-open-source-ecommerce-software

Various Sources third-party-advisory

https://www.vulnerability-lab.com/get_content.php?id=2226

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/sellacious-ecommerce-persistent-cross-site-scripting

Scores

CVSS v3 6.4

EPSS 0.0025

EPSS Percentile 16.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

Sellacious/Sellacious eCommerce < 4.6

Published Jan 30, 2026

Tracked Since Feb 18, 2026