Lucene search
K

638 matches found

CVE
CVE
added 2023/03/05 12:0 a.m.48 views

CVE-2023-22838

CVE-2023-22838 is a cross-site scripting vulnerability affecting EC-CUBE in versions 4.0.0–4.0.6-p2, 4.1.0–4.1.2-p1, and 4.2.0. The issue lies in the Product List Screen and Product Detail Screen, allowing a remote authenticated attacker to inject arbitrary script. Exploitation requires user inte...

5.4CVSS5.2AI score0.00538EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/05 12:0 a.m.7 views

CVE-2023-22438

Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0, EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p5, and EC-CUBE 2 series EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, an...

5.5AI score0.00692EPSS
Exploits0References4
CVE
CVE
added 2023/03/05 12:0 a.m.61 views

CVE-2023-22438

CVE-2023-22438 is a cross-site scripting vulnerability in EC-CUBE’s Contents Management across multiple series (EC-CUBE 4.0.0–4.0.6-p2, 4.1.0–4.1.2-p1, 4.2.0; 3.x up to 3.0.18-p5; 2.x up to 2.17.2). The root cause is a stored/reflected XSS in the contents management interface that allows a remote...

5.4CVSS5.2AI score0.00692EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/03/05 12:0 a.m.66 views

CVE-2023-25077

CVE-2023-25077 is a cross-site scripting vulnerability in EC-CUBE’s Authentication Key Settings affecting EC-CUBE 4.0.0–4.0.6-p2, 4.1.0–4.1.2-p1, and 4.2.0. The root cause is an XSS issue in the admin/Authentication Key Settings that allows a remote authenticated attacker to inject arbitrary scri...

5.4CVSS5.2AI score0.00558EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/03/05 12:0 a.m.22 views

CVE-2023-22838

Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...

5.4CVSS6.5AI score0.00538EPSS
Exploits0References4
OSV
OSV
added 2023/03/05 12:0 a.m.19 views

CVE-2023-25077

Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...

5.4CVSS6.6AI score0.00558EPSS
Exploits0References4
OSV
OSV
added 2023/03/05 12:0 a.m.24 views

CVE-2023-22438

Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0, EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p5, and EC-CUBE 2 series EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, an...

5.4CVSS6.5AI score0.00692EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/03/05 12:0 a.m.32 views

CVE-2023-22438

Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0, EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p5, and EC-CUBE 2 series EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, an...

5.4AI score0.00692EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/03/05 12:0 a.m.24 views

CVE-2023-22838

Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...

5.4AI score0.00538EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/05 12:0 a.m.34 views

CVE-2023-25077

Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...

5.5AI score0.00558EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/28 12:0 a.m.7 views

EC-CUBE 跨站脚本漏洞

EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE, which stems from a cross-site scripting vulnerability that could be exploited by an attacker to execute arbitrary script on a user's web browser...

5.4CVSS5.7AI score0.00692EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/02/28 12:0 a.m.9 views

EC-CUBE 跨站脚本漏洞

EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE, which stems from a cross-site scripting vulnerability that could be exploited by an attacker to execute arbitrary script on a user's web browser...

5.4CVSS5.7AI score0.00558EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/02/28 12:0 a.m.8 views

EC-CUBE 跨站脚本漏洞

EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE, which stems from a cross-site scripting vulnerability that could be exploited by an attacker to execute arbitrary script on a user's web browser...

5.4CVSS5.7AI score0.00538EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/28 12:0 a.m.33 views

JVN#04785663: Multiple cross-site scripting vulnerabilities in EC-CUBE

EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Contents Management CWE-79 - CVE-2023-22438 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVS...

5.4CVSS6AI score0.00692EPSS
Exploits0
OSV
OSV
added 2022/09/28 12:0 a.m.33 views

GHSA-PGGW-RQFM-72RH EC-CUBE DOM-based cross-site scripting vulnerability

DOM-based cross-site scripting vulnerability in EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page...

5.4CVSS5.2AI score0.00553EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/09/28 12:0 a.m.19 views

EC-CUBE DOM-based cross-site scripting vulnerability

DOM-based cross-site scripting vulnerability in EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page...

5.4CVSS6.3AI score0.00553EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/09/28 12:0 a.m.49 views

GHSA-WJPV-FRF2-3R58 EC-CUBE Directory traversal vulnerability

Directory traversal vulnerability in EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p4 and EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information...

2.7CVSS3.7AI score0.01056EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/09/28 12:0 a.m.20 views

EC-CUBE Directory traversal vulnerability

Directory traversal vulnerability in EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p4 and EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information...

2.7CVSS6.5AI score0.01056EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/09/27 11:15 p.m.30 views

CVE-2022-40199

Directory traversal vulnerability in EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p4 and EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information...

2.7CVSS0.01056EPSS
Exploits0References2
NVD
NVD
added 2022/09/27 11:15 p.m.32 views

CVE-2022-38975

DOM-based cross-site scripting vulnerability in EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page...

5.4CVSS0.00553EPSS
Exploits0References2
Rows per page
Query Builder