70 matches found
SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting
A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filterbrandid/filterprice leads to cross site scripting. The attack may be launched remotely...
CVE-2026-4547
The CVE-2026-4547 entry concerns mickasmt next-saas-stripe-starter v1.0.0. The vulnerable component is the Checkout Handler’s file actions/generate-user-stripe.ts, specifically the function generateUserStripe. The issue arises from manipulation of the priceId argument, causing business logic erro...
CVE-2017-4547
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...
EUVD-2026-4547
The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...
CVE-2022-4547
The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2025-4547
| creationtimestamp | type | source |
|---|---|---|
| 2025-05-11 21:21:32+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lowf5polpjg2 |
| 2025-05-12 00:13:31+00:00 | seen | https://t.me/cvedetector/25052 |
| 2025-05-12 00:41:55+00:00 | seen | ... |
CVE-2025-4547
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add User Page. The manipulation leads to cross site scripting. The attack may be launched remotely...
CVE-2024-4547 Delta Electronics DIAEnergie Unauthenticated SQL Injection
A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field...
CVE-2024-4547
CVE-2024-4547 affects Delta Electronics DIAEnergie, versions 1.10.1.8610 and earlier. The vulnerability arises when CEBC.exe processes a 'RecalculateScript' message that is split into four fields by the '~' separator; the attacker can perform unauthenticated SQL injection via the fourth field. Do...
CVE-2018-4547
| creationtimestamp | type | source |
|---|---|---|
| 2023-09-14 22:30:52+00:00 | seen | https://t.me/cibsecurity/70486 |

...
CVE-2018-4547
Rejected reason: This candidate is unused by its CNA...
SPA-Cart eCommerce CMS 1.9.0.3 Cross Site Scripting Vulnerability
Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS
Exploit Author: CraCkEr
Date: 20/08/2023
Vendor: SPA-Cart
Vendor Homepage: https://spa-cart.com/
Software Link: https://demo.spa-cart.com/
Tested on: Windows 10 Pro
Impact: Manipulate the content of the site
CVE: CVE-2023-4547
CWE:...
CVE-2023-4547
| creationtimestamp | type | source |
|---|---|---|
| 2023-08-26 12:14:49+00:00 | seen | https://t.me/cibsecurity/69241 |

...
CVE-2023-4547
A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filterbrandid/filterprice leads to cross site scripting. The attack may be launched remotely...
CVE-2023-4547
SPA-Cart eCommerce CMS 1.9.0.3 is affected by a cross-site scripting vulnerability in the /search endpoint. The issue stems from unsanitized input in the parameters filter[brandid] and filter[price], which can be exploited remotely to inject script. Mitigation: upgrade to a version newer than 1....
CVE-2022-4547
| creationtimestamp | type | source |
|---|---|---|
| 2023-01-16 18:24:20+00:00 | seen | https://t.me/cibsecurity/56547 |
| 2025-04-04 18:36:13+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/10520 |

...
CVE-2022-4547 Conditional Payment Methods for WooCommerce <= 1.0 - Admin+ SQLi
The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2022-4547
CVE-2022-4547 refers to a SQL injection in the Conditional Payment Methods for WooCommerce WordPress plugin up to version 1.0, caused by improper sanitisation/escaping of a parameter before SQL usage. The vulnerability enables exploitation by high-privilege users (e.g., admin) and is documented w...
Mageia: Security Advisory (MGASA-2013-0349)
The remote host is missing an update for the...