Japan Vulnerability NotesJVN:99916563JVN#99916563 EC-CUBE cross-site scripting vulnerability
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.9%
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#61543834, JVN#26621646, and JVN#36085487.
Impact
An arbitrary script could be executed on the user’s web browser.
Solution
Update the Software
Apply the latest updates provided by the vendor.
Products Affected
- EC-CUBE Ver2 Version 2.1.2a and earlier
- EC-CUBE Ver2 Beta(RC) Version 2.2.0-beta and earlier
- EC-CUBE Community Edition Nighly-Build r17623 and earlier
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.9%