2 matches found
CVE-2023-40281
EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using t...
CVE-2023-40281
EC-CUBE 2 series (versions 2.11.0–2.17.2-p1) contains a cross-site scripting (CWE-79) vulnerability in the Management page’s mail/template and products/product components. The issue can allow arbitrary script execution in the web browser of other administrators or users accessing the site. Affect...