CVE-2013-5992

2013-11-2104:40:58

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-5992

cross-site scripting

xss

lockon ec-cube

web security

error handling

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.8%

JSON

Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output.

Affected configurations

NVD

Node

lockonec-cubeMatch2.11.0

lockonec-cubeMatch2.11.0beta

lockonec-cubeMatch2.11.0beta2

lockonec-cubeMatch2.11.1

lockonec-cubeMatch2.11.2

lockonec-cubeMatch2.11.3

lockonec-cubeMatch2.11.4

lockonec-cubeMatch2.11.5

CPENameOperatorVersion
lockon:ec-cubelockon ec-cubeeq2.11.0
lockon:ec-cubelockon ec-cubeeq2.11.1
lockon:ec-cubelockon ec-cubeeq2.11.2
lockon:ec-cubelockon ec-cubeeq2.11.3
lockon:ec-cubelockon ec-cubeeq2.11.4
lockon:ec-cubelockon ec-cubeeq2.11.5

CPE	Name	Operator	Version
lockon:ec-cube	lockon ec-cube	eq	2.11.0
lockon:ec-cube	lockon ec-cube	eq	2.11.1
lockon:ec-cube	lockon ec-cube	eq	2.11.2
lockon:ec-cube	lockon ec-cube	eq	2.11.3
lockon:ec-cube	lockon ec-cube	eq	2.11.4
lockon:ec-cube	lockon ec-cube	eq	2.11.5