Lucene search
JpcertCVELIST:CVE-2022-38975HistorySep 27, 2022 - 1:55 a.m.
CVE-2022-38975
2022-09-2701:55:16
jpcert
www.cve.org
1
0.001 Low
EPSS
Percentile
25.9%
DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page.
CNA Affected
[
{
"product": "EC-CUBE 4 series",
"vendor": "EC-CUBE CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "EC-CUBE 4.0.0 to 4.1.2"
}
]
}
]Related
osv
osv
CVE-2022-38975
2022-09-27 23:15:15
EC-CUBE DOM-based cross-site scripting vulnerability
2022-09-28 00:00:17
cve
cve
CVE-2022-38975
2022-09-27 23:15:15
nvd
nvd
CVE-2022-38975
2022-09-27 23:15:15
prion
prion
Cross site scripting
2022-09-27 23:15:00
github
github
EC-CUBE DOM-based cross-site scripting vulnerability
2022-09-28 00:00:17
jvn
jvn
JVN#21213852: Multiple vulnerabilities in EC-CUBE
2022-09-15 00:00:00