CVE-2013-2314
CVE-2013-2314 affects EC-CUBE 2.11.0–2.12.3enP2. The vulnerability is a cross-site scripting (XSS) in the adminAuthorization function within SC_Helper_Session.php, allowing a remote attacker to inject arbitrary script/HTML via a crafted URL used on the management screen. Root cause: improper hand...