4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
66.4%
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability.
This vulnerability is different than the previous vulnerabilities disclosed on JVN.
An arbitrary script may be executed on the user’s web browser.
Fix the file
Modify the specific file according to the information provided by the developer.
This issue was resolved in EC-CUBE 2.4.4. When creating a new site using EC-CUBE, please use version 2.4.4 or later.