EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability.
This vulnerability is different than the previous vulnerabilities disclosed on JVN.
An arbitrary script may be executed on the user's web browser.
Fix the file
Modify the specific file according to the information provided by the developer.
This issue was resolved in EC-CUBE 2.4.4. When creating a new site using EC-CUBE, please use version 2.4.4 or later.
## Products Affected