CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6.5AI score0.00332EPSS

Exploits0References1

OSV•added 2021/02/26 3:15 p.m.•0 views

CVE-2020-28199

best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor...

9.1CVSS7.3AI score0.00307EPSS

Exploits1References2

Cvelist•added 2021/02/26 2:56 p.m.•11 views

CVE-2020-28199

best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor...

9.2AI score0.00307EPSS

Exploits1References2

CNNVD•added 2021/02/26 12:0 a.m.•2 views

Amazon Pay Plugin Information Disclosure Vulnerability

Amazon Pay Plugin is an online payment plugin from Amazon.com, Inc. Amazon Pay Plugin before 9.4.2 suffers from an information disclosure vulnerability that originates from exposing sensitive information for Shopware...

9.1CVSS7.3AI score0.00307EPSS

Exploits1References3

OSV•added 2019/09/12 5:15 p.m.•1 views

CVE-2019-6003

Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS5.9AI score

Exploits0References2

NVD•added 2019/09/12 5:15 p.m.•12 views

CVE-2019-6003

Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6.1AI score0.00332EPSS

Exploits0References2

CVE•added 2019/09/12 3:58 p.m.•110 views

CVE-2019-6003

CVE-2019-6003 is a cross-site scripting vulnerability in EC-CUBE's Amazon Pay Plugin (versions 2.4.2 and earlier, plugin 2.12/2.13). The root cause is improper handling of user-controlled input (CWE-79), allowing an attacker to inject arbitrary web script or HTML via unspecified vectors. Impact, ...

6.1CVSS6AI score0.00332EPSS

Exploits0References2Affected Software1

Cvelist•added 2019/09/12 3:58 p.m.•10 views

CVE-2019-6003

Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1AI score0.00332EPSS

Exploits0References2

Japan Vulnerability Notes•added 2019/08/07 4:58 a.m.•2 views

EC-CUBE plugin "Amazon Pay Plugin 2.12,2.13" vulnerable to cross-site scripting

Overview EC-CUBE plugin "Amazon Pay Plugin 2.12,2.13" provided by IPLOGIC CO.,LTD. contains a cross-site scripting vulnerability CWE-79. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.1CVSS6AI score0.00332EPSS

Exploits0References5

CNVD•added 2019/08/07 12:0 a.m.•2 views

Amazon Pay Plugin for EC-CUBE Cross-Site Scripting Vulnerability

Amazon Pay Plugin for EC-CUBE is an online payment plugin for EC-CUBE, a suite of e-commerce systems. A cross-site scripting vulnerability exists in Amazon Pay Plugin for EC-CUBE, which can be exploited by attackers to execute client-side code...

6.1CVSS6.4AI score0.00332EPSS

Exploits0References1

Japan Vulnerability Notes•added 2019/08/07 12:0 a.m.•59 views

JVN#29343839: EC-CUBE plugin "Amazon Pay Plugin 2.12,2.13" vulnerable to cross-site scripting

EC-CUBE plugin "Amazon Pay Plugin 2.12,2.13" provided by IPLOGIC CO.,LTD. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who logs in to the product with the administrative privilege. Solution Update the Plugin Update...

6.1CVSS6.1AI score0.00332EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by