AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring.
{ "source": "CPE_STRING", "cpe": "cpe:2.3:a:abantecart:abantecart:1.2.12:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "1.2.12" }, { "last_affected": "1.2.12" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20141.json"