Vulnerabilities > SPA Cart > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-12 | CVE-2023-43148 | Cross-Site Request Forgery (CSRF) vulnerability in Spa-Cart 1.9.0.3 SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts. | 8.1 |
| 2023-10-12 | CVE-2023-43149 | Cross-Site Request Forgery (CSRF) vulnerability in Spa-Cart 1.9.0.3 SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status. | 8.8 |