CVE-2023-4547
LowCVSS 3.5Exploitation Probability (EPSS)
Very high risk99th percentile — higher than 99% of all known CVEs
Summary
A vulnerability was found in SPA-Cart eCommerce CMS version 1.9.0.3, rated as problematic. Manipulation of the arguments filter[brandid] and filter[price] in the /search file leads to cross-site scripting attacks.
Risk Assessment
An attacker can remotely exploit this vulnerability, potentially leading to user data theft or session hijacking.
Recommendation
It is recommended to update to the latest version of SPA-Cart eCommerce CMS and implement input data filtering to minimize the risk of XSS attacks.
Original NVD description (English source)
A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.

