CVE-2024-41141

Stored cross-site scripting vulnerability exists in EC-CUBE Web API Plugin. When there are multiple users using OAuth Management feature and one of them inputs some crafted value on the OAuth Management page, an arbitrary script may be executed on the web browser of the other user who accessed th...

CVE-2024-41141

Stored cross-site scripting vulnerability exists in EC-CUBE Web API Plugin. When there are multiple users using OAuth Management feature and one of them inputs some crafted value on the OAuth Management page, an arbitrary script may be executed on the web browser of the other user who accessed th...

EC-CUBE plugin (for EC-CUBE 4 series) "EC-CUBE Web API Plugin" vulnerable to stored cross-site scripting

Overview EC-CUBE plugin for EC-CUBE 4 series "EC-CUBE Web API Plugin" provided by EC-CUBE CO.,LTD. contains a stored cross-site scripting vulnerability CWE-79 in OAuth Management feature. EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...

PT-2024-29291 · Ec Cube · Ec-Cube Web Api Plugin

Name of the Vulnerable Software and Affected Versions: EC-CUBE Web API Plugin affected versions not specified Description: A stored cross-site scripting issue exists in the EC-CUBE Web API Plugin. When multiple users utilize the OAuth Management feature and one user inputs a crafted value on the...

CVE-2020-15243

Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the...

CVE-2020-15243

CVE-2020-15243 affects Smartstore 4.0.0 and 4.0.1 with the Web API plugin installed and activated, where a missing WebApi Authentication attribute creates a vulnerability. The recommended remediations are to merge the 4.0.x branch (or overwrite the SmartStore.Web.Framework in the deployed shop’s ...