GCVE - cpe:2.3:a:abantecart:abantecart:1.4.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:abantecart:abantecart:1.4.0:*:*:*:*:*:*:*

part: a version: 1.4.0 update: *

Vendor	Abantecart (`3857097e-9662-5e7d-b290-ff0ef57eae1f`)
Product	Abantecart (`11871acc-6bd8-5a79-bec4-2b97478c1f45`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/abantecart`	purl2cpe	2026-06-01 10:12:29.713381
`pkg:docker/abantecart/abantecart`	purl2cpe	2026-06-01 10:12:29.713383
`pkg:github/abantecart/abantecart-src`	purl2cpe	2026-06-01 10:12:29.713384

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-40627`	vulnerable	2026-06-03 15:01:13.120821	Reflected Cross-Site Scripting (XSS) in AbanteCart Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through "/eyes? [XSS_PAYLOAD]". Published: 2025-05-12T11:36:46.597Z Updated: 2025-05-12T18:42:35.890Z Open on db.gcve.eu Reference links https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-abantecart	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-40626`	vulnerable	2026-06-03 15:01:13.120379	Reflected Cross-Site Scripting (XSS) in AbanteCart Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through "/about_us?[XSS_PAYLOAD]". Published: 2025-05-12T11:31:43.769Z Updated: 2025-05-12T12:36:46.427Z Open on db.gcve.eu Reference links https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-abantecart	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-50802`	vulnerable	2026-06-03 14:57:25.388903	Details available A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/email_templates.php. The vulnerability is exploitable via the id parameter. Published: 2024-10-31T00:00:00.000Z Updated: 2024-11-04T18:47:48.667Z Open on db.gcve.eu Reference links https://github.com/abantecart/abantecart-src https://chiggerlor.substack.com/p/cve-2024-50801-and-and-cve-2024-50802	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-50801`	vulnerable	2026-06-03 14:57:25.388443	Details available A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/collections.php. The vulnerability is exploitable via the id parameter. Published: 2024-10-31T00:00:00.000Z Updated: 2024-11-04T18:46:46.125Z Open on db.gcve.eu Reference links https://github.com/abantecart/abantecart-src https://chiggerlor.substack.com/p/cve-2024-50801-and-and-cve-2024-50802	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.