2 matches found
CVE-2013-3653
Multiple cross-site scripting XSS vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652...
CVE-2013-3653
CVE-2013-3653: In LOCKON EC-CUBE’s management screen, the RecommendSearch feature has multiple XSS vulnerabilities in versions before 2.12.5, exploitable via the rank parameter. Remote attackers can inject arbitrary script/HTML. Remediation: upgrade to EC-CUBE 2.12.5 or later.