A cross-site scripting vulnerability exists in Haraj v3.7, a buying and selling platform from Haraj Saudi Arabia. The vulnerability stems from a lack of data validation filtering of user-supplied data and output in some DM components. An attacker could exploit this vulnerability to execute arbitrary Web script or HTML via a crafted POST request.