CVE-2023-4547

Name of the Vulnerable Software and Affected Versions SPA-Cart eCommerce CMS version 1.9.0.3

Description A vulnerability was found in the SPA-Cart eCommerce CMS, affecting some unknown functionality of the file /search. The manipulation of the arguments filter[brandid] and filter[price] leads to cross-site scripting. The attack may be launched remotely.

Recommendations For SPA-Cart eCommerce CMS version 1.9.0.3, consider disabling the /search functionality until a patch is available. Restrict access to the filter[brandid] and filter[price] arguments in the /search endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.