638 matches found
CVE-2023-22838
CVE-2023-22838 is a cross-site scripting vulnerability affecting EC-CUBE in versions 4.0.0–4.0.6-p2, 4.1.0–4.1.2-p1, and 4.2.0. The issue lies in the Product List Screen and Product Detail Screen, allowing a remote authenticated attacker to inject arbitrary script. Exploitation requires user inte...
CVE-2023-22438
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0, EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p5, and EC-CUBE 2 series EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, an...
CVE-2023-22438
CVE-2023-22438 is a cross-site scripting vulnerability in EC-CUBE’s Contents Management across multiple series (EC-CUBE 4.0.0–4.0.6-p2, 4.1.0–4.1.2-p1, 4.2.0; 3.x up to 3.0.18-p5; 2.x up to 2.17.2). The root cause is a stored/reflected XSS in the contents management interface that allows a remote...
CVE-2023-25077
CVE-2023-25077 is a cross-site scripting vulnerability in EC-CUBE’s Authentication Key Settings affecting EC-CUBE 4.0.0–4.0.6-p2, 4.1.0–4.1.2-p1, and 4.2.0. The root cause is an XSS issue in the admin/Authentication Key Settings that allows a remote authenticated attacker to inject arbitrary scri...
CVE-2023-22838
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...
CVE-2023-25077
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...
CVE-2023-22438
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0, EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p5, and EC-CUBE 2 series EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, an...
CVE-2023-22438
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0, EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p5, and EC-CUBE 2 series EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, an...
CVE-2023-22838
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...
CVE-2023-25077
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...
EC-CUBE 跨站脚本漏洞
EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE, which stems from a cross-site scripting vulnerability that could be exploited by an attacker to execute arbitrary script on a user's web browser...
EC-CUBE 跨站脚本漏洞
EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE, which stems from a cross-site scripting vulnerability that could be exploited by an attacker to execute arbitrary script on a user's web browser...
EC-CUBE 跨站脚本漏洞
EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE, which stems from a cross-site scripting vulnerability that could be exploited by an attacker to execute arbitrary script on a user's web browser...
JVN#04785663: Multiple cross-site scripting vulnerabilities in EC-CUBE
EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Contents Management CWE-79 - CVE-2023-22438 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVS...
GHSA-PGGW-RQFM-72RH EC-CUBE DOM-based cross-site scripting vulnerability
DOM-based cross-site scripting vulnerability in EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page...
EC-CUBE DOM-based cross-site scripting vulnerability
DOM-based cross-site scripting vulnerability in EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page...
GHSA-WJPV-FRF2-3R58 EC-CUBE Directory traversal vulnerability
Directory traversal vulnerability in EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p4 and EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information...
EC-CUBE Directory traversal vulnerability
Directory traversal vulnerability in EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p4 and EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information...
CVE-2022-40199
Directory traversal vulnerability in EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p4 and EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information...
CVE-2022-38975
DOM-based cross-site scripting vulnerability in EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page...