CVE-2023-54349

MEDIUM

AmazCart CMS 3.4 Reflected Cross-Site Scripting via Search

Title source: cna

Description

AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when search history is viewed or results are displayed.

Exploits (1)

exploitdb WORKING POC

by Sajibe Kanti · textwebappsphp

https://www.exploit-db.com/exploits/51219

View Code ZIP pw:eip

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-51219

https://www.exploit-db.com/exploits/51219

Product product

Official Product Homepage

https://spondonit.com/

Product product

Product Reference

https://codecanyon.net/item/amazcart-laravel-ecommerce-system-cms/34962179

Third Party Advisory third-party-advisory

VulnCheck Advisory: AmazCart CMS 3.4 Reflected Cross-Site Scripting via Search

https://www.vulncheck.com/advisories/amazcart-cms-reflected-cross-site-scripting-via-search

Scores

CVSS v3 6.1

EPSS 0.0006

EPSS Percentile 18.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

Spondonit/AmazCart CMS 3.4

Published May 05, 2026

Tracked Since May 05, 2026