Vulnerability Details CVE-2021-42051
An issue was discovered in AbanteCart before 1.3.2. Any low-privileged user with file-upload permissions can upload a malicious SVG document that contains an XSS payload.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://github.com/abantecart/abantecart-src/releases
- https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-abantecart-e-commerce-platform/
- https://github.com/abantecart/abantecart-src/releases
- https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-abantecart-e-commerce-platform/
Products affected by CVE-2021-42051
-
cpe:2.3:a:abantecart:abantecart:1.2.10
-
cpe:2.3:a:abantecart:abantecart:1.2.11
-
cpe:2.3:a:abantecart:abantecart:1.2.12
-
cpe:2.3:a:abantecart:abantecart:1.2.13
-
cpe:2.3:a:abantecart:abantecart:1.2.14
-
cpe:2.3:a:abantecart:abantecart:1.2.15
-
cpe:2.3:a:abantecart:abantecart:1.2.16
-
cpe:2.3:a:abantecart:abantecart:1.2.8
-
cpe:2.3:a:abantecart:abantecart:1.2.9
-
cpe:2.3:a:abantecart:abantecart:1.3.0
-
cpe:2.3:a:abantecart:abantecart:1.3.1