Lucene search
HistoryFeb 03, 2011 - 4:00 p.m.
CVE-2011-0451
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.4%
Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected configurations
Node
lockonec-cubeRange≤2.4.3
ORlockonec-cubeMatch1.1.0beta
ORlockonec-cubeMatch1.1.1
ORlockonec-cubeMatch1.2.0beta
ORlockonec-cubeMatch1.3.0
ORlockonec-cubeMatch1.3.0beta
ORlockonec-cubeMatch1.3.1
ORlockonec-cubeMatch1.3.1a
ORlockonec-cubeMatch1.3.2
ORlockonec-cubeMatch1.3.3
ORlockonec-cubeMatch1.3.4
ORlockonec-cubeMatch1.3.4community
ORlockonec-cubeMatch1.4.0a-beta
ORlockonec-cubeMatch1.4.0beta
ORlockonec-cubeMatch1.4.1beta
ORlockonec-cubeMatch1.4.2beta
ORlockonec-cubeMatch1.4.3a-beta
ORlockonec-cubeMatch1.4.3b-beta
ORlockonec-cubeMatch1.4.3beta
ORlockonec-cubeMatch1.4.5
ORlockonec-cubeMatch1.4.6
ORlockonec-cubeMatch1.4.7
ORlockonec-cubeMatch1.5.0beta
ORlockonec-cubeMatch2.0.0beta
ORlockonec-cubeMatch2.0.1
ORlockonec-cubeMatch2.0.1a
ORlockonec-cubeMatch2.1.0beta
ORlockonec-cubeMatch2.1.2
ORlockonec-cubeMatch2.1.2a
ORlockonec-cubeMatch2.2.0beta
ORlockonec-cubeMatch2.2.1one
ORlockonec-cubeMatch2.3.0
ORlockonec-cubeMatch2.3.0rc1
ORlockonec-cubeMatch2.3.1
ORlockonec-cubeMatch2.3.3
ORlockonec-cubeMatch2.3.4
ORlockonec-cubeMatch2.4.0
ORlockonec-cubeMatch2.4.0rc1
ORlockonec-cubeMatch2.4.1
ORlockonec-cubeMatch2.4.2
ORlockonec-cubeMatch2.4.4
ORlockonec-cubeMatch2.11.0beta
Related
cvelist
cvelist
CVE-2011-0451
2011-02-03 15:00:00
cve
cve
CVE-2011-0451
2011-02-03 16:00:04
osv
osv
EC-CUBE XSS Vulnerabilities
2022-05-17 02:02:18
github
github
EC-CUBE XSS Vulnerabilities
2022-05-17 02:02:18
jvn
jvn
JVN#84393059: EC-CUBE vulnerable to cross-site scripting
2011-02-02 00:00:00
prion
prion
Cross site scripting
2011-02-03 16:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.4%
Related for NVD:CVE-2011-0451