Browse all 3 CVE security advisories affecting SPA-Cart. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SPA-Cart is an e-commerce platform designed for single-page applications, enabling businesses to manage online sales and transactions. Historically, it has been susceptible to cross-site scripting (XSS) and remote code execution (RCE) vulnerabilities, often stemming from improper input validation and insecure deserialization. The platform has recorded three CVEs, including critical flaws that could allow attackers to execute arbitrary code or escalate privileges. While no major public incidents have been widely documented, the consistent presence of vulnerabilities in its codebase highlights ongoing security challenges that require rigorous patch management and secure coding practices to mitigate risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-4548 | SPA-Cart eCommerce CMS GET Parameter search sql injection — eCommerce CMSCWE-89 | 6.3 | Medium | 2023-08-26 |
| CVE-2023-4547 | SPA-Cart eCommerce CMS search cross site scripting — eCommerce CMSCWE-79 | 3.5 | Low | 2023-08-26 |
This page lists every published CVE security advisory associated with SPA-Cart. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.