Reflected Cross-Site Scripting in AmazCart CMS 3.4 by Spondonit
CVE-2023-54349

5.1 MEDIUM

Key Information:

Vendor: Spondonit

CVE Published: 5 May 2026

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2023-54349?

AmazCart CMS version 3.4 is susceptible to a reflected cross-site scripting vulnerability that enables unauthenticated attackers to inject harmful scripts through the search functionality. Malicious users can leverage this flaw by inputting script tags in the search box, which can then execute arbitrary JavaScript when users view search history or when results are rendered. This vulnerability poses a significant risk to web applications using this CMS, necessitating immediate remediation to protect users from potential attacks.

Affected Version(s)

AmazCart CMS 3.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sajibe Kanti