Lucene search
K

638 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/17 6:12 a.m.3 views

EC-CUBE 2 series vulnerable to cross-site scripting

Overview EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79 in "mail/template" and "products/product" of Management page. Shimamine Taihei of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to EC-CUBE CO.,LTD. and EC-CUBE CO.,LTD...

4.8CVSS6AI score0.00362EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/08/17 12:0 a.m.6 views

EC-CUBE 跨站脚本漏洞

EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE versions 2.11.0 through 2.17.2-p1, which stems from the presence of a cross-site scripting vulnerability that could allow execution of arbitrary scripts on the web browser of...

4.8CVSS5.2AI score0.00362EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/17 12:0 a.m.35 views

JVN#46993816: EC-CUBE 2 series vulnerable to cross-site scripting

EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79 in "mail/template" and "products/product" of Management page. Impact An arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the...

4.8CVSS4.9AI score0.00362EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/08/17 12:0 a.m.5 views

PT-2023-27357 · Ec Cube · Ec-Cube

Name of the Vulnerable Software and Affected Versions: EC-CUBE versions 2.11.0 through 2.17.2-p1 Description: The issue concerns a cross-site scripting vulnerability in the "mail/template" and "products/product" sections of the Management page. If exploited, this could lead to the execution of an...

4.8CVSS5AI score0.00362EPSS
Exploits0References6
NVD
NVD
added 2023/05/10 6:15 a.m.18 views

CVE-2023-27919

Authentication bypass vulnerability in NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series all versions allows a remote unauthenticated attacker to alter the information stored in the system...

5.3CVSS5.3AI score0.007EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/05/10 12:0 a.m.10 views

PT-2023-21418 · Ec Cube · Next Engine Integration Plugin

Name of the Vulnerable Software and Affected Versions: NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series all versions Description: The issue allows a remote unauthenticated attacker to alter the information stored in the system due to an authentication bypass vulnerability. Recommendations: F...

5.3CVSS5.3AI score0.007EPSS
Exploits0References3
CVE
CVE
added 2023/05/10 12:0 a.m.53 views

CVE-2023-27919

CVE-2023-27919 describes an authentication bypass in the NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) , affecting all versions. The vulnerability allows a remote unauthenticated attacker to alter information stored in the system. The provided documents do not include a published fix or...

5.3CVSS5.2AI score0.007EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/10 12:0 a.m.11 views

CVE-2023-27919

Authentication bypass vulnerability in NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series all versions allows a remote unauthenticated attacker to alter the information stored in the system...

5.2AI score0.007EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/05/10 12:0 a.m.49 views

CVE-2023-27919

Authentication bypass vulnerability in NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series all versions allows a remote unauthenticated attacker to alter the information stored in the system...

5.5AI score0.007EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/04/19 5:6 a.m.5 views

EC-CUBE plugin "NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)" vulnerable to authentication bypass

Overview EC-CUBE plugin "NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series" provided by NE Inc. contains an authentication bypass vulnerability CWE-287. TSUKADA Nobuhisa of Seasoft reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.3CVSS6.8AI score0.007EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/04/19 12:0 a.m.34 views

JVN#50862842: EC-CUBE plugin "NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)" vulnerable to authentication bypass

EC-CUBE plugin "NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series" provided by NE Inc. contains an authentication bypass vulnerability CWE-287. Impact A remote attacker may alter the information stored in the system. Solution Stop using "NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series "...

5.3CVSS5.4AI score0.007EPSS
Exploits0
NVD
NVD
added 2023/03/06 12:15 a.m.19 views

CVE-2023-22438

Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0, EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p5, and EC-CUBE 2 series EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, an...

5.4CVSS5.2AI score0.00692EPSS
Exploits0References4
NVD
NVD
added 2023/03/06 12:15 a.m.30 views

CVE-2023-25077

Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...

5.4CVSS5.3AI score0.00558EPSS
Exploits0References2
NVD
NVD
added 2023/03/06 12:15 a.m.26 views

CVE-2023-22838

Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...

5.4CVSS5.2AI score0.00538EPSS
Exploits0References2
Prion
Prion
added 2023/03/06 12:15 a.m.23 views

Cross site scripting

Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0, EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p5, and EC-CUBE 2 series EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, an...

4.9CVSS5.2AI score0.00692EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/03/06 12:15 a.m.19 views

Cross site scripting

Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...

4.9CVSS5.2AI score0.00558EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/06 12:15 a.m.22 views

Cross site scripting

Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...

4.9CVSS5.2AI score0.00538EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/05 12:0 a.m.8 views

CVE-2023-25077

Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...

6.6AI score0.00558EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/05 12:0 a.m.6 views

PT-2023-19918 · Ec Cube · Ec-Cube

Name of the Vulnerable Software and Affected Versions: EC-CUBE versions 4.0.0 through 4.0.6-p2 EC-CUBE versions 4.1.0 through 4.1.2-p1 EC-CUBE version 4.2.0 Description: A cross-site scripting issue in the Authentication Key Settings of EC-CUBE allows a remote authenticated attacker to inject an...

5.4CVSS5.1AI score0.00558EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/03/05 12:0 a.m.11 views

CVE-2023-22838

Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...

6.6AI score0.00538EPSS
Exploits0References2
Rows per page
Query Builder