CVE-2023-4547 LOW

CVE-2023-4547: SPA-Cart eCommerce CMS search cross site scripting

Vendor Spa-Cart

Product eCommerce CMS

Weakness CWE-79 · XSS

Published August 26, 2023

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

August 26, 2023 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-4547 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-1160 Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Link CVE-2025-14393 Wpik WordPress Basic Ajax Form <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-34464 XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template CVE-2024-0792 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode CVE-2023-29172 WordPress PropertyHive Plugin <= 1.5.46 is vulnerable to Cross Site Scripting (XSS)