AbanteCart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2018-20141 - Vulnerability Database
AbanteCart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2018-20141
Medium
Reference:
CVE-2018-20141
Title:
AbanteCart Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter as demonstrated by a /apparel--accessoriessort substring.