CVE-2023-54349— AmazCart CMS 3.4 Reflected Cross-Site Scripting via Search

AmazCart CMS 3.4 Reflected Cross-Site Scripting via Search

AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when search history is viewed or results are displayed.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

AmazCart CMS 跨站脚本漏洞

AmazCart CMS是AmazCart公司的一个电商内容管理系统。 AmazCart CMS 3.4版本存在跨站脚本漏洞，该漏洞源于反射型跨站脚本漏洞，允许未经身份验证的攻击者通过搜索功能提交有效载荷注入恶意脚本，在搜索框中输入脚本标签执行任意JavaScript，当查看搜索历史或显示结果时触发。

N/A

N/A