Cross site scripting

2023-08-1707:15:00

PRIOn knowledge base

www.prio-n.com

ec-cube

cross-site scripting

vulnerability

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in “mail/template” and “products/product” of Management page.
If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the product.

CPENameOperatorVersion
ec-cubege2.12.0
ec-cubele2.12.6
ec-cubege2.11.0
ec-cubele2.11.5
ec-cubeeq2.13.5 patch1
ec-cubege2.13.0
ec-cubelt2.13.5
ec-cubeeq2.13.5
ec-cubeeq2.17.2
ec-cubeeq2.17.2 patch1

Name	Operator	Version
ec-cube	ge	2.12.0
ec-cube	le	2.12.6
ec-cube	ge	2.11.0
ec-cube	le	2.11.5
ec-cube	eq	2.13.5 patch1
ec-cube	ge	2.13.0
ec-cube	lt	2.13.5
ec-cube	eq	2.13.5
ec-cube	eq	2.17.2
ec-cube	eq	2.17.2 patch1