A Stored Cross Site Scripting (XSS) vulnerability was discovered in SPA-CART CMS version 1.9.0.3. By injecting malicious code into the 'descr' parameter via a POST request, an attacker can execute arbitrary scripts in the context of a user's browser.
The attacker can send the victim a link containing a malicious URL in an email or instant message, which can perform a wide variety of actions, such as stealing the victim's session token or login credentials.
SQL injection attacks can allow unauthorized access to sensitive data and modification of data, and can crash the application or make it unavailable, leading to lost revenue and damage to a company's reputation.
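For the stored XSS in the 'descr' parameter described above, the sketch below shows a stored description rendered without and with output encoding, plus an audit pass over rows that are already stored. It is an added example, not SPA-CART code: only the field name `descr` comes from the advisory, while the function names, row shape and sample rows are assumptions constructed for illustration.

```javascript
// Added illustration, not SPA-CART code. Only the field name `descr` is
// taken from the advisory; every other name here is hypothetical.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a value for an HTML text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored descr is concatenated into the page unchanged,
// so any markup saved through the POST request reaches every viewer.
function renderUnsafe(row) {
  return `<div class="descr">${row.descr}</div>`;
}

// "After": same template, with the value encoded at output time.
function renderSafe(row) {
  return `<div class="descr">${escapeHtml(row.descr)}</div>`;
}

// Audit helper: return ids of stored rows whose descr holds
// script-capable markup, so rows saved before the fix can be reviewed.
const SUSPICIOUS = [
  /<\s*script\b/i,                     // script elements
  /\bon[a-z]+\s*=/i,                   // inline event handlers
  /javascript\s*:/i,                   // javascript: URLs
  /<\s*(iframe|object|embed|svg)\b/i,  // embedding elements
];

function auditStoredDescr(rows) {
  return rows
    .filter((r) => SUSPICIOUS.some((re) => re.test(String(r.descr))))
    .map((r) => r.id);
}

// Constructed sample rows (not real data).
const rows = [
  { id: 1, descr: 'Blue cotton T-shirt, sizes S-XL' },
  { id: 2, descr: '<script>alert(1)</script>' },
  { id: 3, descr: 'Price < 10 & "free" shipping' },
];

console.log(renderSafe(rows[1]));
console.log('rows to review:', auditStoredDescr(rows));
```

The pattern list is a review aid for existing data, not a filter to rely on; the encoding in `renderSafe` is what keeps stored markup from executing.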