{"id":"CVE-2025-40627","details":"Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0 that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL of the form \"/eyes?\n\n[XSS_PAYLOAD]\". This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.","modified":"2026-04-10T05:26:24.702078Z","published":"2025-05-12T12:15:17.993Z","references":[{"type":"ADVISORY","url":"https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-abantecart"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/abantecart/abantecart-src","events":[{"introduced":"0"},{"last_affected":"b60f8a0448fe0491c3659c6da96377a03bdfdcb7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.0"}]}}],"versions":["1.2.10","1.2.11","1.2.12","1.2.13","1.2.14","1.2.15","1.2.16","1.2.8","1.3.0","1.3.1","1.3.2","1.3.3","1.3.3.0","1.3.3.alpha","1.3.4","1.4.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40627.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}