VYPR
Vendor

Spa Cart

Products
2
CVEs
10
Across products
10
Status
Private

Products

2

Recent CVEs

10
  • CVE-2024-58304HigDec 11, 2025
    risk 0.49cvss 7.5epss 0.00

    SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to…

  • CVE-2023-4547Aug 26, 2023
    risk 0.04cvss epss 0.49

    A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may…

  • CVE-2023-4548Aug 26, 2023
    risk 0.03cvss epss 0.20

    A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It is possible to initiate…

  • CVE-2024-6129Jun 18, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to…

  • CVE-2024-6128Jun 18, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of…

  • CVE-2023-43149Oct 12, 2023
    risk 0.00cvss epss 0.01

    SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status.

  • CVE-2023-43148Oct 12, 2023
    risk 0.00cvss epss 0.00

    SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts.

  • CVE-2020-23978Aug 27, 2020
    risk 0.00cvss epss 0.02

    SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php"

  • CVE-2020-23976Aug 27, 2020
    risk 0.00cvss epss 0.02

    Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter.

  • CVE-2020-23975Aug 27, 2020
    risk 0.00cvss epss 0.01

    Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the 'search.php' id parameter.