CVE-2023-4547
Published 2023-08-26
Priority P3 · 54 · medium · 6.1 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS 48.53% · 98.7th percentile
A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| spa-cart | ecommerce_cms | — | — |
CVSS provenance
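| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |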
No detection rules found.
Exploit-DB
SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS
exploitdb·2023-09-04·CVSS 3.5
CVE-2023-4547 [LOW] SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS
---
# Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS
# Exploit Author: CraCkEr
# Date: 20/08/2023
# Vendor: SPA-Cart
# Vendor Homepage: https://spa-cart.com/
# Software Link: https://demo.spa-cart.com/
# Version: 1.9.0.3
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site
# CVE: CVE-2023-4547
# CWE: CWE-79 - CWE-74 - CWE-707
## Greetings
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
CryptoJob (Twitter) twitter.com/0x0CryptoJob
## Description
The attacker can send the victim a link containing a malicious URL in an email or instant message
and can perform a wide variety of actions, such as stealing the victim's session token or login credentials
Path: /search
GET para
Nuclei
SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2023-4547 [MEDIUM] SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting
A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.
Template:
```yaml
id: CVE-2023-4547
info:
  name: SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting
  author: theamanrawat,SoSpiRo
  severity: medium
  description: |
    A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[p
```
http://packetstormsecurity.com/files/174343/SPA-Cart-eCommerce-CMS-1.9.0.3-Cross-Site-Scripting.html
https://vuldb.com/?ctiid.238058
https://vuldb.com/?id.238058
Published 2023-08-26