CVE Catalog

CVE-2023-4547

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
48.25%

99th percentile — higher than 99% of all known CVEs

Summary

A vulnerability was found in SPA-Cart eCommerce CMS version 1.9.0.3, rated as problematic. Manipulation of the arguments filter[brandid] and filter[price] in the /search file leads to cross-site scripting attacks.

Risk Assessment

An attacker can remotely exploit this vulnerability, potentially leading to user data theft or session hijacking.

Recommendation

It is recommended to update to the latest version of SPA-Cart eCommerce CMS and implement input data filtering to minimize the risk of XSS attacks.

Original NVD description (English source)

A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS