A security vulnerability exists in Haraj v3.7, a buying and selling platform from Haraj Saudi Arabia, due to a cross-site scripting issue in the comments section of advertisements. An attacker could exploit the vulnerability to execute arbitrary Web script or HTML via a crafted POST request.