PT-2025-50757 · Unknown · Spa-Cartcms

Eren Sen +1 · Published 2025-12-11 · Updated 2025-12-12 · CVE-2024-58304

CVSS v3.1

7.5 High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SPA-CART CMS version 1.9.0.3

Description

The software contains a stored cross-site scripting issue in the product description parameter. Authenticated administrators can inject malicious scripts. Attackers can submit JavaScript payloads through the descr parameter in the product edit form, leading to arbitrary code execution in administrative users' browsers.

Recommendations

Administrators should sanitize the descr parameter in the product edit form to prevent script injection.

Exploit

Fix

XSS

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-58304

Affected Products

Spa-Cartcms