CVE-2023-54349
Deferred - Pending Action
Reflected XSS in AmazCart CMS Search Functionality

Publication date: 2026-05-05

Last updated on: 2026-05-05

Assigner: VulnCheck

Description
AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when search history is viewed or results are displayed.
Meta Information
Published: 2026-05-05
Last Modified: 2026-05-05
Generated: 2026-05-07
AI Q&A: 2026-05-05
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
codethemes | amazcart_cms | 3.4
CWE ID | Description
CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

AmazCart CMS version 3.4 contains a reflected Cross-Site Scripting (XSS) vulnerability. This means that attackers can inject malicious scripts into the application by submitting specially crafted payloads through the search functionality without needing to log in.

When a user performs a search and views the search history or the search results, the injected malicious JavaScript executes in the user's browser. This happens because the application does not properly sanitize user input in the search box.

For example, an attacker can enter a script tag like "><script>alert(1)</script> in the search box, which triggers the execution of that script, demonstrating the vulnerability.


How can this vulnerability impact me?

This vulnerability can impact users and administrators of AmazCart CMS by allowing attackers to execute arbitrary JavaScript in the context of the affected website.

  • Attackers can steal sensitive information such as session cookies or authentication tokens.
  • It can lead to unauthorized actions performed on behalf of users (session hijacking).
  • Malicious scripts can redirect users to phishing sites or deliver malware.
  • It undermines user trust and can damage the reputation of the affected e-commerce platform.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the search functionality of AmazCart CMS version 3.4 for reflected cross-site scripting (XSS). Specifically, you can try injecting a simple script payload into the search box and observe if it executes when viewing search results or search history.

  • Use the payload "><script>alert(1)</script> in the search input field.
  • If an alert popup appears when viewing search results or history, the vulnerability is present.

There are no specific network commands provided, but manual testing through the web interface with the above payload is effective.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include sanitizing and validating all user input to the search functionality to prevent script injection.

Apply patches or updates provided by the vendor or developer that address this reflected XSS vulnerability.

As a temporary workaround, disable or restrict the search feature if possible until a fix is applied.

Educate users to avoid clicking suspicious links or search results that might trigger malicious scripts.
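
One way to implement the neutralization that CWE-79 calls for is to encode the search term where it is written into the page. The Python sketch below is an added example, not AmazCart code: the markup fragment and the field name `q` are assumptions, and the parser check is a regression test that the payload quoted above no longer produces a `script` element.

```python
import html
from html.parser import HTMLParser

# Payload quoted on the page; the leading `">` closes an attribute value.
PAYLOAD = '"><script>alert(1)</script>'

# Hypothetical search-page fragment: the term is reflected in the search box
# (attribute context) and in the results heading (element context).
TEMPLATE = '<input type="text" name="q" value="{term}"><p>Results for: {term}</p>'


def render_unsafe(term: str) -> str:
    """The vulnerable pattern: the raw term is placed in the markup."""
    return TEMPLATE.format(term=term)


def render_safe(term: str) -> str:
    """Encode at output time; quote=True also escapes " and ' for attributes."""
    return TEMPLATE.format(term=html.escape(term, quote=True))


class _Audit(HTMLParser):
    """Records the elements a parser actually builds from the markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.input_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_value = dict(attrs).get("value")


def audit(markup: str):
    """Return (start tags seen, decoded value of the search box)."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.input_value


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        tags, value = audit(render(PAYLOAD))
        print(f"{render.__name__}: tags={tags} search box value={value!r}")
```

With encoding applied, the search box still shows the user's literal text, so the fix does not require rejecting or stripping characters from legitimate searches.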


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify how the reflected cross-site scripting vulnerability in AmazCart CMS 3.4 impacts compliance with common standards and regulations such as GDPR or HIPAA.

