CVE-2023-54349
Deferred Deferred - Pending Action
Reflected XSS in AmazCart CMS Search Functionality

Publication date: 2026-05-05

Last updated on: 2026-05-05

Assigner: VulnCheck

Description
AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when search history is viewed or results are displayed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-05
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-14
NVD
CVE-2023-54349
EUVD
EUVD-2023-60574
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
codethemes amazcart_cms 3.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how the reflected cross-site scripting vulnerability in AmazCart CMS 3.4 impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

AmazCart CMS version 3.4 contains a reflected Cross-Site Scripting (XSS) vulnerability. This means that attackers can inject malicious scripts into the application by submitting specially crafted payloads through the search functionality without needing to log in.

When a user performs a search and views the search history or the search results, the injected malicious JavaScript executes in the user's browser. This happens because the application does not properly sanitize user input in the search box.

For example, an attacker can enter a script tag like "><script>alert(1)</script> in the search box, which triggers the execution of that script, demonstrating the vulnerability.

Impact Analysis

This vulnerability can impact users and administrators of AmazCart CMS by allowing attackers to execute arbitrary JavaScript in the context of the affected website.

  • Attackers can steal sensitive information such as session cookies or authentication tokens.
  • It can lead to unauthorized actions performed on behalf of users (session hijacking).
  • Malicious scripts can redirect users to phishing sites or deliver malware.
  • It undermines user trust and can damage the reputation of the affected e-commerce platform.
Detection Guidance

This vulnerability can be detected by testing the search functionality of AmazCart CMS version 3.4 for reflected cross-site scripting (XSS). Specifically, you can try injecting a simple script payload into the search box and observe if it executes when viewing search results or search history.

  • Use the payload "><script>alert(1)</script> in the search input field.
  • If an alert popup appears when viewing search results or history, the vulnerability is present.

There are no specific network commands provided, but manual testing through the web interface with the above payload is effective.

Mitigation Strategies

Immediate mitigation steps include sanitizing and validating all user inputs on the search functionality to prevent script injection.

Apply patches or updates provided by the vendor or developer that address this reflected XSS vulnerability.

As a temporary workaround, disable or restrict the search feature if possible until a fix is applied.

Educate users to avoid clicking suspicious links or search results that might trigger malicious scripts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54349. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart