Lucene search
JpcertCVELIST:CVE-2023-22438HistoryMar 05, 2023 - 12:00 a.m.
CVE-2023-22438
2023-03-0500:00:00
jpcert
www.cve.org
1
cross-site scripting
ec-cube
remote attacker
arbitrary script
0.001 Low
EPSS
Percentile
38.3%
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.
CNA Affected
[
{
"vendor": "EC-CUBE CO.,LTD.",
"product": "EC-CUBE 4 series, EC-CUBE 3 series, and EC-CUBE 2 series",
"versions": [
{
"version": "EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, EC-CUBE 4.2.0, EC-CUBE 3.0.0 to 3.0.18-p5, EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2",
"status": "affected"
}
]
}
]Related
nvd
nvd
CVE-2023-22438
2023-03-06 00:15:10
prion
prion
Cross site scripting
2023-03-06 00:15:00
osv
osv
CVE-2023-22438
2023-03-06 00:15:10
cve
cve
CVE-2023-22438
2023-03-06 00:15:10
jvn
jvn
JVN#04785663: Multiple cross-site scripting vulnerabilities in EC-CUBE
2023-02-28 00:00:00