Abantecart
cpe:2.3:a:abantecart:abantecart:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Abantecart (3857097e-9662-5e7d-b290-ff0ef57eae1f) |
|---|---|
| Product | Abantecart (11871acc-6bd8-5a79-bec4-2b97478c1f45) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:docker/abantecart | purl2cpe | 2026-06-01 10:12:29.713326 |
| pkg:docker/abantecart/abantecart | purl2cpe | 2026-06-01 10:12:29.713329 |
| pkg:github/abantecart/abantecart-src | purl2cpe | 2026-06-01 10:12:29.713332 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-40627 | vulnerable | 2026-06-03 15:01:13.120783 | Reflected Cross-Site Scripting (XSS) in AbanteCart. Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through "/eyes?[XSS_PAYLOAD]". Published: 2025-05-12T11:36:46.597Z Updated: 2025-05-12T18:42:35.890Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-40626 | vulnerable | 2026-06-03 15:01:13.119179 | Reflected Cross-Site Scripting (XSS) in AbanteCart. Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through "/about_us?[XSS_PAYLOAD]". Published: 2025-05-12T11:31:43.769Z Updated: 2025-05-12T12:36:46.427Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-50802 | vulnerable | 2026-06-03 14:57:25.388832 | Details available. A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/email_templates.php. The vulnerability is exploitable via the id parameter. Published: 2024-10-31T00:00:00.000Z Updated: 2024-11-04T18:47:48.667Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-50801 | vulnerable | 2026-06-03 14:57:25.386970 | Details available. A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/collections.php. The vulnerability is exploitable via the id parameter. Published: 2024-10-31T00:00:00.000Z Updated: 2024-11-04T18:46:46.125Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-26521 | vulnerable | 2026-06-03 14:46:43.340749 | Details available. Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type). Published: 2022-03-07T00:00:00.000Z Updated: 2024-08-03T05:03:32.753Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-42051 | vulnerable | 2026-06-03 14:45:26.749922 | Details available. An issue was discovered in AbanteCart before 1.3.2. Any low-privileged user with file-upload permissions can upload a malicious SVG document that contains an XSS payload. Published: 2021-12-14T14:15:20.000Z Updated: 2024-08-04T03:22:25.742Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-42050 | vulnerable | 2026-06-03 14:45:26.749506 | Details available. An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS. Published: 2021-12-14T14:09:34.000Z Updated: 2024-08-04T03:22:25.946Z | Imported from gcve-enriched-dumps CVE data |