2 matches found
CVE-2019-6003
Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2019-6003
CVE-2019-6003 is a cross-site scripting vulnerability in EC-CUBE's Amazon Pay Plugin (versions 2.4.2 and earlier, plugin 2.12/2.13). The root cause is improper handling of user-controlled input (CWE-79), allowing an attacker to inject arbitrary web script or HTML via unspecified vectors. Impact, ...