CVE-2023-54349

Description

AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when search history is viewed or results are displayed.

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

• https://codecanyon.net/item/amazcart-laravel-ecommerce-system-cms/34962179
• https://spondonit.com/
• https://www.exploit-db.com/exploits/51219
• https://www.vulncheck.com/advisories/amazcart-cms-reflected-cross-site-scripting-via-search

CWEs

CWE-79