AbanteCart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-40627 - Vulnerability Database

AbanteCart

AbanteCart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-40627

Medium

Reference: CVE-2025-40627

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-40627

Title: AbanteCart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Reflected Cross-Site Scripting (XSS) vulnerability inAbanteCart v1.4.0 that could allow an attacker to execute JavaScript code in a victim39s browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data such as session cookies or to perform actions on behalf of the user throughquot/eyes XSS_PAYLOADquot.