
Ian Chong

Researcher from SEC Consult
#21334 of 53,632
11.5 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2021-23489
6.1
2021-12-14
Unknown · Abantecart · CVE-2021-42050
**Name of the Vulnerable Software and Affected Versions** AbanteCart versions prior to 1.3.2

**Description** An issue was discovered that allows DOM Based XSS.

**Recommendations** For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue.
PT-2021-23490
5.4
2021-12-14
Unknown · Abantecart · CVE-2021-42051
**Name of the Vulnerable Software and Affected Versions** AbanteCart versions prior to 1.3.2

**Description** An issue was discovered that allows any low-privileged user with file-upload permissions to upload a malicious SVG document containing an XSS payload.

**Recommendations** For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider restricting file-upload permissions to minimize the risk of exploitation.