Filtered by vendor Spa-cart
Subscriptions
Filtered by product Spa-cart
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-58304 | 1 Spa-cart | 2 Spa-cart, Spa-cartcms | 2025-12-12 | 7.5 High |
| SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary code in administrative users' browsers. | ||||
| CVE-2023-43149 | 1 Spa-cart | 1 Spa-cart | 2024-11-21 | 8.8 High |
| SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status. | ||||
| CVE-2023-43148 | 1 Spa-cart | 1 Spa-cart | 2024-11-21 | 8.1 High |
| SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts. | ||||
Page 1 of 1.