638 matches found
EC-CUBE 2 series vulnerable to cross-site scripting
Overview EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79 in "mail/template" and "products/product" of Management page. Shimamine Taihei of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to EC-CUBE CO.,LTD. and EC-CUBE CO.,LTD...
EC-CUBE 跨站脚本漏洞
EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE versions 2.11.0 through 2.17.2-p1, which stems from the presence of a cross-site scripting vulnerability that could allow execution of arbitrary scripts on the web browser of...
JVN#46993816: EC-CUBE 2 series vulnerable to cross-site scripting
EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79 in "mail/template" and "products/product" of Management page. Impact An arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the...
PT-2023-27357 · Ec Cube · Ec-Cube
Name of the Vulnerable Software and Affected Versions: EC-CUBE versions 2.11.0 through 2.17.2-p1 Description: The issue concerns a cross-site scripting vulnerability in the "mail/template" and "products/product" sections of the Management page. If exploited, this could lead to the execution of an...
CVE-2023-27919
Authentication bypass vulnerability in NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series all versions allows a remote unauthenticated attacker to alter the information stored in the system...
PT-2023-21418 · Ec Cube · Next Engine Integration Plugin
Name of the Vulnerable Software and Affected Versions: NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series all versions Description: The issue allows a remote unauthenticated attacker to alter the information stored in the system due to an authentication bypass vulnerability. Recommendations: F...
CVE-2023-27919
CVE-2023-27919 describes an authentication bypass in the NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) , affecting all versions. The vulnerability allows a remote unauthenticated attacker to alter information stored in the system. The provided documents do not include a published fix or...
CVE-2023-27919
Authentication bypass vulnerability in NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series all versions allows a remote unauthenticated attacker to alter the information stored in the system...
CVE-2023-27919
Authentication bypass vulnerability in NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series all versions allows a remote unauthenticated attacker to alter the information stored in the system...
EC-CUBE plugin "NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)" vulnerable to authentication bypass
Overview EC-CUBE plugin "NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series" provided by NE Inc. contains an authentication bypass vulnerability CWE-287. TSUKADA Nobuhisa of Seasoft reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
JVN#50862842: EC-CUBE plugin "NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)" vulnerable to authentication bypass
EC-CUBE plugin "NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series" provided by NE Inc. contains an authentication bypass vulnerability CWE-287. Impact A remote attacker may alter the information stored in the system. Solution Stop using "NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series "...
CVE-2023-22438
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0, EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p5, and EC-CUBE 2 series EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, an...
CVE-2023-25077
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...
CVE-2023-22838
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...
Cross site scripting
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0, EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p5, and EC-CUBE 2 series EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, an...
Cross site scripting
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...
Cross site scripting
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...
CVE-2023-25077
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...
PT-2023-19918 · Ec Cube · Ec-Cube
Name of the Vulnerable Software and Affected Versions: EC-CUBE versions 4.0.0 through 4.0.6-p2 EC-CUBE versions 4.1.0 through 4.1.2-p1 EC-CUBE version 4.2.0 Description: A cross-site scripting issue in the Authentication Key Settings of EC-CUBE allows a remote authenticated attacker to inject an...
CVE-2023-22838
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...