https://www.exploit-db.com/exploits/23519
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-1079

FreznoShop1.3.0RC1及其更早版本的search.php存在跨站脚本攻击（XSS）漏洞。远程攻击者可以借助search参数注入任意web脚本或HTML。

source: http://www.securityfocus.com/bid/9359/info

FreznoShop is prone to a cross-site scripting vulnerability. Remote attackers may create malicious links to the software that include hostile HTML and script code. If such a link was followed by a victim user, the attacker-supplied code would be rendered in the security context of the site hosting the software.

This could be exploited to steal cookie-based authentication credentials. Other attacks are also possible.

http://www.example.com/shop/search.php?search=%3Cscript%3Ealert(document.domain);%3C/script%3E

来源:SECTRACK
名称:1008606
链接:http://securitytracker.com/id?1008606
来源:SECUNIA
名称:10547
链接:http://secunia.com/advisories/10547
来源:XF
名称:freznoshop-searchphp-xss(14147)
链接:http://xforce.iss.net/xforce/xfdb/14147
来源:BID
名称:9359
链接:http://www.securityfocus.com/bid/9359
来源:OSVDB
名称:3335
链接:http://www.osvdb.org/3335