An issue was discovered in AbanteCart before 1.3.2. Any low-privileged user with file-upload permissions can upload a malicious SVG document that contains an XSS payload.
References
Link | Resource |
---|---|
https://github.com/abantecart/abantecart-src/releases | Release Notes Third Party Advisory |
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-abantecart-e-commerce-platform/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-12-14T14:15:20
Updated: 2021-12-14T17:06:19
Reserved: 2021-10-07T00:00:00
Link: CVE-2021-42051
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-12-14T15:15:07.293
Modified: 2021-12-15T22:17:06.407
Link: CVE-2021-42051
JSON object: View
Redhat Information
No data.
CWE