Spa Cart
Products: 2
- 5 CVEs
- 5 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-58304 | | High | 0.49 | 7.5 | 0.00 | | Dec 11, 2025 | SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to… |
| CVE-2023-4547 | | | 0.04 | — | 0.49 | | Aug 26, 2023 | A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may… |
| CVE-2023-4548 | | | 0.03 | — | 0.20 | | Aug 26, 2023 | A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It is possible to initiate… |
| CVE-2024-6129 | | | 0.00 | — | 0.01 | | Jun 18, 2024 | A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to… |
| CVE-2024-6128 | | | 0.00 | — | 0.01 | | Jun 18, 2024 | A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of… |
| CVE-2023-43149 | | | 0.00 | — | 0.01 | | Oct 12, 2023 | SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status. |
| CVE-2023-43148 | | | 0.00 | — | 0.00 | | Oct 12, 2023 | SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts. |
| CVE-2020-23978 | | | 0.00 | — | 0.02 | | Aug 27, 2020 | SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php" |
| CVE-2020-23976 | | | 0.00 | — | 0.02 | | Aug 27, 2020 | Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter. |
| CVE-2020-23975 | | | 0.00 | — | 0.01 | | Aug 27, 2020 | Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the 'search.php' id parameter. |