CVE-2023-3683
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
A vulnerability has been found in LivelyWorks Articart 2.0.1 that allows cross site scripting attacks through manipulation of the search_term argument in the /items/search file. The attack can be launched remotely.
Risk Assessment
This vulnerability poses a security risk to the application, allowing attackers to inject malicious code, potentially leading to data theft or session hijacking.
Recommendation
It is recommended to update to the latest version of LivelyWorks Articart and implement input validation to minimize the risk of XSS attacks.
Original NVD description (English source)
A vulnerability has been found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /items/search. The manipulation of the argument search_term leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

