SPA-CART CMS
by Spa Cart
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-58304 | Hig | 0.49 | 7.5 | 0.00 | Dec 11, 2025 | SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to… | ||
| CVE-2024-6129 | 0.00 | — | 0.01 | Jun 18, 2024 | A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to… | |||
| CVE-2024-6128 | 0.00 | — | 0.01 | Jun 18, 2024 | A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of… | |||
| CVE-2023-43148 | 0.00 | — | 0.00 | Oct 12, 2023 | SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts. | |||
| CVE-2023-43149 | 0.00 | — | 0.01 | Oct 12, 2023 | SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status. |
- risk 0.49cvss 7.5epss 0.00
SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to…
- CVE-2024-6129Jun 18, 2024risk 0.00cvss —epss 0.01
A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to…
- CVE-2024-6128Jun 18, 2024risk 0.00cvss —epss 0.01
A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of…
- CVE-2023-43148Oct 12, 2023risk 0.00cvss —epss 0.00
SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts.
- CVE-2023-43149Oct 12, 2023risk 0.00cvss —epss 0.01
SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status.