54 matches found

Nuclei
added 2 days ago · 19 views

SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting

A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filterbrandid/filterprice leads to cross-site scripting. The attack may be launched remotely...

6.1 CVSS · 3.9 AI score · 0.09932 EPSS
Exploits: 4 · References: 5

RedhatCVE
added 2026/01/09 12:39 p.m. · 7 views

CVE-2023-43149

SPA-Cart 1.9.0.3 is vulnerable to Cross-Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status...

8.8 CVSS · 7.1 AI score · 0.01109 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2026/01/09 9:25 a.m. · 3 views

CVE-2023-4548

A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filterbrandid leads to SQL injection. It is possible to initiate the attack remotely...

9.8 CVSS · 8.2 AI score · 0.01684 EPSS
Exploits: 4 · References: 1

Vulnrichment
added 2025/12/11 9:40 p.m. · 1 view

CVE-2024-58304 SPA-CART CMS 1.9.0.3 Stored Cross-Site Scripting

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary...

7.5 CVSS · 6.1 AI score · 0.00017 EPSS
Exploits: 0 · References: 2

CVE
added 2025/12/11 9:40 p.m. · 5 views

CVE-2024-58304

CVE-2024-58304 – SPA-CART CMS 1.9.0.3 is affected by a stored cross-site scripting vulnerability in the product description parameter. The issue allows authenticated administrators to inject JavaScript via the descr field in the product edit form, causing arbitrary code execution in the web brows...

7.5 CVSS · 6.2 AI score · 0.00017 EPSS
Exploits: 0 · References: 2

CNNVD
added 2025/12/11 12:0 a.m. · 1 view

SPA-CART CMS Cross-Site Scripting Vulnerability

SPA-CART CMS is a content management system for Oleg Individual Developers. A cross-site scripting vulnerability exists in SPA-CART CMS version 1.9.0.3, which stems from the presence of stored cross-site scripting in the product description parameter that could lead to the execution of arbitrary...

7.5 CVSS · 6.2 AI score · 0.00017 EPSS
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-54403

Malicious code in bioql PyPI...

9.8 CVSS · 6.9 AI score · 0.01684 EPSS
Exploits: 4 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-47568

Malicious code in bioql PyPI...

8.8 CVSS · 8.6 AI score · 0.01109 EPSS
Exploits: 1 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-47567

Malicious code in bioql PyPI...

8.1 CVSS · 8 AI score · 0.01087 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 4:22 a.m. · 4 views

CVE-2023-43148

SPA-Cart 1.9.0.3 has a Cross-Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts...

8.1 CVSS · 7.1 AI score · 0.01087 EPSS
Exploits: 1

CNNVD
added 2024/06/18 12:0 a.m. · 2 views

SPA-Cart Security Breach

SPA-Cart is a shopping cart software from SPA-Cart, Inc. A security vulnerability exists in SPA-Cart version 1.9.0.6, which stems from the fact that incorrect manipulation of the parameter quantity can lead to the enforcement of a behavioral workflow...

6.9 CVSS · 6.7 AI score · 0.00137 EPSS
Exploits: 1 · References: 5

CNNVD
added 2024/06/18 12:0 a.m. · 1 view

SPA-Cart Security Breach

SPA-Cart is a shopping cart software from SPA-Cart, Inc. A security vulnerability exists in SPA-Cart version 1.9.0.6, which stems from an incorrect manipulation of the parameter email that can lead to observable behavioral differences...

6.3 CVSS · 6.7 AI score · 0.00241 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2024/06/18 12:0 a.m. · 2 views

PT-2024-37404 · Unknown · Spa-Cartcms

Name of the Vulnerable Software and Affected Versions: spa-cartcms version 1.9.0.6 Description: A problematic issue has been found in the Checkout Page component, affecting the processing of the file /checkout. The manipulation of the quantity argument with the input -10 leads to enforcement of...

6.9 CVSS · 7.3 AI score · 0.00137 EPSS
Exploits: 1 · References: 7

Positive Technologies
added 2024/06/18 12:0 a.m. · 2 views

PT-2024-37405 · Unknown · Spa-Cartcms

Name of the Vulnerable Software and Affected Versions: spa-cartcms version 1.9.0.6 Description: A problematic issue was found in the Username Handler component, specifically in the /login file, where manipulating the email argument leads to observable behavioral discrepancy. This issue can be...

6.3 CVSS · 7.1 AI score · 0.00241 EPSS
Exploits: 1 · References: 7

0day.today
added 2024/03/27 12:0 a.m. · 260 views

SPA-CART CMS - Stored XSS Vulnerability

Exploit Title: SPA-CART CMS - Stored XSS Exploit Author: Eren Sen Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Version: 1.9.0.3 CVE-ID: N/A Tested on: Kali Linux / Windows 10 Vulnerabilities Discovered Date : 2024/01/03 Vulnerability Type: Stor...

7.4 AI score
Exploits: 0

Exploit DB
added 2024/03/25 12:0 a.m. · 298 views

SPA-CART CMS - Stored XSS

Exploit Title: SPA-CART CMS - Stored XSS Date: 2024-01-03 Exploit Author: Eren Sen Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Version: 1.9.0.3 CVE-ID: N/A Tested on: Kali Linux / Windows 10 Vulnerabilities Discovered Date : 2024/01/03...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/02/20 12:0 a.m. · 266 views

SPA-CART CMS 1.9.0.3 Cross Site Scripting

Exploit Title: SPA-CART CMS - Stored XSS Date: 2024-01-03 Exploit Author: Eren Sen Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Version: 1.9.0.3 CVE-ID: N/A Tested on: Kali Linux / Windows 10 Vulnerabilities Discovered Date : 2024/01/03...

7.4 AI score
Exploits: 0

ATTACKERKB
added 2023/10/12 7:15 p.m. · 1 view

CVE-2023-43148

SPA-Cart 1.9.0.3 has a Cross-Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts...

8.1 CVSS · 7.3 AI score · 0.01087 EPSS
Exploits: 1 · References: 2

OSV
added 2023/10/12 7:15 p.m. · 1 view

CVE-2023-43148

SPA-Cart 1.9.0.3 has a Cross-Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts...

8.1 CVSS · 5.8 AI score · 0.01087 EPSS
Exploits: 1 · References: 1

Prion
added 2023/10/12 7:15 p.m. · 9 views

Cross-site request forgery (CSRF)

SPA-Cart 1.9.0.3 has a Cross-Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts...

5.8 CVSS · 8.1 AI score · 0.01087 EPSS
Exploits: 1 · References: 1 · Affected Software: 1