0.0

Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform acti…

📅 Published: May 12, 2025, 11:36 a.m. 🔄 Last Modified: Oct. 10, 2025, 12:26 p.m.

5.1

CVSS4.0

CVE-2025-40626 - Reflected Cross-Site Scripting (XSS) in AbanteCart

Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform acti…

📅 Published: May 12, 2025, 11:31 a.m. 🔄 Last Modified: Oct. 10, 2025, 12:29 p.m.

6.3

CVSS4.0

CVE-2025-47271 - OZI-Project/ozi-publish Code Injection vulnerability

The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects arbi…

📅 Published: May 12, 2025, 10:52 a.m. 🔄 Last Modified: May 12, 2025, 5:32 p.m.

Vulnerability Database Index

0.0

CVE-2025-47864 -

0.0

CVE-2025-47861 -

0.0

CVE-2025-47862 -

0.0

CVE-2025-47863 -

0.0

CVE-2025-47859 -

0.0

CVE-2025-47860 -

0.0

CVE-2025-47858 -

5.1

CVE-2025-40627 - Reflected Cross-Site Scripting (XSS) in AbanteCart

5.1

CVE-2025-40626 - Reflected Cross-Site Scripting (XSS) in AbanteCart

6.3

CVE-2025-47271 - OZI-Project/ozi-publish Code Injection vulnerability