Lucene search
K

638 matches found

CVE
CVE
added 2024/07/30 8:45 a.m.93 views

CVE-2024-41141

CVE-2024-41141 is a stored cross-site scripting vulnerability in the EC-CUBE Web API Plugin (OAuth Management). When multiple users use OAuth Management and one user inputs a crafted value, an arbitrary script may run in the browser of other users who accessed the management page. Documents consi...

6.1CVSS6.4AI score0.00271EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/07/30 4:56 a.m.5 views

EC-CUBE 4 Series improper input validation when installing plugins

Overview EC-CUBE 4 series provided by EC-CUBE CO.,LTD improperly validates inputs when installing plugins CWE-349. EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LTD. coordinated under the Information Security Early...

7.2CVSS7.2AI score0.00267EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/07/30 12:0 a.m.20 views

JVN#26225832: EC-CUBE plugin (for EC-CUBE 4 series) "EC-CUBE Web API Plugin" vulnerable to stored cross-site scripting

EC-CUBE plugin for EC-CUBE 4 series "EC-CUBE Web API Plugin" provided by EC-CUBE CO.,LTD. contains a stored cross-site scripting vulnerability CWE-79 in OAuth Management feature. Impact When there are multiple users using OAuth Management feature and one of them inputs some crafted value on the...

6.1CVSS5.7AI score0.00271EPSS
Exploits0
CNNVD
CNNVD
added 2024/07/30 12:0 a.m.6 views

EC-CUBE 安全漏洞

EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE that stems from the presence of an Accept External Untrusted Data and Trusted Data vulnerability, where an attacker who gains administrative privileges may be able to install...

7.2CVSS6.7AI score0.00267EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/07/30 12:0 a.m.13 views

JVN#48324254: EC-CUBE 4 Series improper input validation when installing plugins

EC-CUBE 4 series provided by EC-CUBE CO.,LTD improperly validates inputs when installing plugins CWE-349. Impact An attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product may be affected by some...

7.2CVSS7.1AI score0.00267EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/05/29 12:0 a.m.33 views

JVN#15637138: EC-Orange vulnerable to authorization bypass

EC-Orange provided by S-cubism Inc. is an e-commerce website building system package based on an open source software EC-CUBE. EC-Orange contains an authorization bypass vulnerability CWE-639. This is the same issue as JVN51770585 EC-CUBE vulnerable to authorization bypass. Impact A user of the...

9.1CVSS9.1AI score0.02245EPSS
Exploits0
NVD
NVD
added 2023/11/07 8:15 a.m.22 views

CVE-2023-46845

EC-CUBE 3 series 3.0.0 to 3.0.18-p6 and 4 series 4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2 contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where...

7.2CVSS0.01582EPSS
Exploits1References4
Prion
Prion
added 2023/11/07 8:15 a.m.14 views

Remote code execution

EC-CUBE 3 series 3.0.0 to 3.0.18-p6 and 4 series 4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2 contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where...

5.8CVSS7.9AI score0.01582EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/07 7:39 a.m.15 views

CVE-2023-46845

EC-CUBE 3 series 3.0.0 to 3.0.18-p6 and 4 series 4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2 contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where...

7.6AI score0.01582EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/11/07 7:39 a.m.31 views

CVE-2023-46845

EC-CUBE 3 series 3.0.0 to 3.0.18-p6 and 4 series 4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2 contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where...

7.5AI score0.01582EPSS
Exploits1References4
CVE
CVE
added 2023/11/07 7:39 a.m.45 views

CVE-2023-46845

EC-CUBE 3.x (3.0.0–3.0.18-p6) and 4.x (4.0.0–4.0.6-p3, 4.1.0–4.1.2-p2, 4.2.0–4.2.2) are affected by an arbitrary code execution flaw caused by improper settings of the Twig template engine. An administrative user can trigger code execution on the server hosting EC-CUBE. The root cause is misconfi...

7.2CVSS7.2AI score0.01582EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/11/07 7:39 a.m.21 views

CVE-2023-46845

EC-CUBE 3 series 3.0.0 to 3.0.18-p6 and 4 series 4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2 contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where...

7.2CVSS7.6AI score0.01582EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/11/07 12:0 a.m.5 views

EC-CUBE Security Vulnerability

EC-CUBE is an open source e-commerce system from EC-CUBE Japan. A security vulnerability exists in EC-CUBE 3 series 3.0.0 to 3.0.18-p6 and 4 series 4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2 releases, which is caused by an arbitrary code execution vulnerability due to improper...

7.2CVSS8AI score0.01582EPSS
Exploits1References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/11/07 12:0 a.m.34 views

JVN#29195731: EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution

EC-CUBE 3 series and 4 series provided by EC-CUBE CO.,LTD. contain an arbitrary code execution vulnerability CWE-94 due to improper settings of the product's template engine "Twig". Impact Arbitrary code may be executed on the server where the product is running by a user with an administrative...

7.2CVSS7.3AI score0.01582EPSS
Exploits1
NVD
NVD
added 2023/08/17 7:15 a.m.42 views

CVE-2023-40281

EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using t...

4.8CVSS5AI score0.00362EPSS
Exploits0References2
Prion
Prion
added 2023/08/17 7:15 a.m.24 views

Cross site scripting

EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using t...

4.3CVSS4.9AI score0.00362EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/17 6:37 a.m.13 views

CVE-2023-40281

EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using t...

6.2AI score0.00362EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/17 6:37 a.m.31 views

CVE-2023-40281

EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using t...

5.2AI score0.00362EPSS
Exploits0References2
OSV
OSV
added 2023/08/17 6:37 a.m.17 views

CVE-2023-40281

EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using t...

4.8CVSS6.5AI score0.00362EPSS
Exploits0References4
CVE
CVE
added 2023/08/17 6:37 a.m.43 views

CVE-2023-40281

EC-CUBE 2 series (versions 2.11.0–2.17.2-p1) contains a cross-site scripting (CWE-79) vulnerability in the Management page’s mail/template and products/product components. The issue can allow arbitrary script execution in the web browser of other administrators or users accessing the site. Affect...

4.8CVSS4.9AI score0.00362EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder