AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring.
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link | Tags |
---|---|
http://packetstormsecurity.com/files/151305/Abantecart-1.2.12-Cross-Site-Scripting.html | vdb entry third party advisory |
http://seclists.org/fulldisclosure/2019/Jan/59 | third party advisory mailing list |
https://github.com/abantecart | third party advisory |