Unknown · Spa-Cartcms · CVE-2024-58304
**Name of the Vulnerable Software and Affected Versions**
SPA-CART CMS version 1.9.0.3
**Description**
The software contains a stored cross-site scripting issue in the product description parameter. Authenticated administrators can inject malicious scripts. Attackers can submit JavaScript payloads through the `descr` parameter in the product edit form, leading to arbitrary code execution in administrative users' browsers.
**Recommendations**
Administrators should sanitize the `descr` parameter in the product edit form to prevent script injection.