← back
CVE-2023-54349

AmazCart CMS 3.4 Reflected Cross-Site Scripting via Search

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79
AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when search history is viewed or results are displayed.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
Spondonit · AmazCart CMS
public PoCs found1
cve_referencewww.exploit-db.com/exploits/51219unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://codecanyon.net/item/amazcart-laravel-ecommerce-system-cms/34962179https://spondonit.com/https://www.exploit-db.com/exploits/51219https://www.vulncheck.com/advisories/amazcart-cms-reflected-cross-site-scripting-via-search