CVE-2023-54349
5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Summary
AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when search history is viewed or results are displayed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Spondonit | AmazCart CMS | 3.4 | affected |
Weaknesses
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/51219
- https://spondonit.com/
- https://codecanyon.net/item/amazcart-laravel-ecommerce-system-cms/34962179
- https://www.vulncheck.com/advisories/amazcart-cms-reflected-cross-site-scripting-via-search
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.