CVE-2023-54349

MEDIUM

AmazCart CMS 3.4 Reflected Cross-Site Scripting via Search

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-54349. PoCs published by Sajibe Kanti.

AI-analyzed exploit summary: The exploit demonstrates a reflected XSS vulnerability in AmazCart CMS 3.4 by injecting a malicious script payload into the search bar, which executes when the search results are displayed. The PoC includes clear steps to reproduce the issue and confirms the vulnerability with a simple alert payload.

Description

AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when search history is viewed or results are displayed.

Exploits (1)

exploitdb WORKING POC
by Sajibe Kanti · text · webapps · php
https://www.exploit-db.com/exploits/51219


Classification: Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: AmazCart CMS 3.4
No auth needed
Prerequisites: access to the search functionality on the target website
devstral-2 · analyzed May 05, 2026

References (4)

Core References
Exploit: ExploitDB-51219
https://www.exploit-db.com/exploits/51219
Product: Official Product Homepage
https://spondonit.com/
Third Party Advisory: VulnCheck Advisory: AmazCart CMS 3.4 Reflected Cross-Site Scripting via Search
https://www.vulncheck.com/advisories/amazcart-cms-reflected-cross-site-scripting-via-search

Scores

CVSS v3: 6.1
EPSS: 0.0027
EPSS Percentile: 17.7%
Attack Vector: NETWORK
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1): Spondonit/AmazCart CMS 3.4
Published: May 05, 2026
Tracked Since: May 05, 2026