Lucene search
Japan Vulnerability NotesJVN:37878530HistoryMay 10, 2011 - 12:00 a.m.
JVN#37878530: EC-CUBE vulnerable to cross-site request forgery
2011-05-1000:00:00
Japan Vulnerability Notes
jvn.jp
14
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.002 Low
EPSS
Percentile
52.8%
EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability.
Impact
If a user views a malicious page while logged in, information stored within EC-CUBE may be altered.
Solution
Update the Software
Apply the latest update provided by the developer.
Products Affected
- EC-CUBE versions prior to 2.11.0
Related
nvd
nvd
CVE-2011-1325
2011-05-13 17:05:42
prion
prion
Cross site request forgery (csrf)
2011-05-13 17:05:00
cvelist
cvelist
CVE-2011-1325
2022-10-03 16:15:10
cve
cve
CVE-2011-1325
2022-10-03 16:15:10
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.002 Low
EPSS
Percentile
52.8%
Related for JVN:37878530