CVE-2013-5992
EC-CUBE 2.11.0–2.11.5 is vulnerable to a Cross-Site Scripting (XSS) flaw in the displaySystemError function that mishandles error-message output. The root cause is improper escaping/output handling of error messages in html/handle_error.php, allowing remote attackers to inject arbitrary script/HT...