CVE-2018-20141 (abantecart)

AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel–accessories?sort= substring.
Source: NIST