Lucene search
K

638 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:39 p.m.8 views

CVE-2020-5679

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted...

6.1CVSS6.7AI score0.00655EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:39 p.m.5 views

CVE-2020-5680

Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service DoS condition via unspecified vector...

7.5CVSS6.8AI score0.01367EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:29 a.m.9 views

CVE-2013-3651

LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SCCheckError.php and data/class/SCFormParam.php...

7.5CVSS7.1AI score0.04285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:29 a.m.7 views

CVE-2013-3652

Cross-site scripting XSS vulnerability in data/class/pages/products/LCPageProductsList.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategoryid2 field, a different vulnerability than CVE-2013-3653...

4.3CVSS5.8AI score0.05932EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:27 a.m.11 views

CVE-2013-3650

Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LCPageResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resizeimage.php, a different vulnerability than...

5CVSS6.5AI score0.01862EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:27 a.m.7 views

CVE-2013-3654

Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SCCheckError.php and data/class/SCFormParam.php, a different vulnerability than CVE-2013-3650...

5CVSS6.6AI score0.01862EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:17 a.m.9 views

CVE-2013-2313

Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors...

4CVSS7.1AI score0.01869EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:16 a.m.8 views

CVE-2013-2312

Cross-site scripting XSS vulnerability in the shopping-cart screen in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

4.3CVSS5.8AI score0.01792EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:15 a.m.7 views

CVE-2013-2314

Cross-site scripting XSS vulnerability in the adminAuthorization function in data/class/helper/SCHelperSession.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated with the management screen...

4.3CVSS5.8AI score0.01792EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:18 a.m.5 views

CVE-2014-0808

Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request...

9.1CVSS6.5AI score0.02245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:57 a.m.6 views

CVE-2011-1325

Cross-site request forgery CSRF vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

5.8CVSS7.5AI score0.0061EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:33 a.m.6 views

CVE-2013-3653

Multiple cross-site scripting XSS vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652...

4.3CVSS5.8AI score0.05932EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:39 a.m.11 views

CVE-2013-2315

data/class/pages/forgot/LCPageForgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request...

5CVSS6.6AI score0.01369EPSS
Exploits0References1
NVD
NVD
added 2024/07/30 9:15 a.m.12 views

CVE-2024-41924

Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product m...

7.2CVSS0.00267EPSS
Exploits0References2
NVD
NVD
added 2024/07/30 9:15 a.m.54 views

CVE-2024-41141

Stored cross-site scripting vulnerability exists in EC-CUBE Web API Plugin. When there are multiple users using OAuth Management feature and one of them inputs some crafted value on the OAuth Management page, an arbitrary script may be executed on the web browser of the other user who accessed th...

6.1CVSS0.00271EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/30 8:45 a.m.13 views

CVE-2024-41924

Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product m...

7.2AI score0.00267EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/30 8:45 a.m.15 views

CVE-2024-41924

Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product m...

0.00267EPSS
Exploits0References2
CVE
CVE
added 2024/07/30 8:45 a.m.58 views

CVE-2024-41924

CVE-2024-41924 affects EC-CUBE 4 series (EC-CUBE CO.,LTD.). The issue is an improper input validation when installing plugins (CWE-349) that allows an attacker with administrative privileges to install an arbitrary PHP package due to acceptance of extraneous untrusted data with trusted data. If o...

7.2CVSS7.4AI score0.00267EPSS
Exploits0References2
CVE
CVE
added 2024/07/30 8:45 a.m.91 views

CVE-2024-41141

CVE-2024-41141 is a stored cross-site scripting vulnerability in the EC-CUBE Web API Plugin (OAuth Management). When multiple users use OAuth Management and one user inputs a crafted value, an arbitrary script may run in the browser of other users who accessed the management page. Documents consi...

6.1CVSS6.4AI score0.00271EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/30 8:45 a.m.18 views

CVE-2024-41141

Stored cross-site scripting vulnerability exists in EC-CUBE Web API Plugin. When there are multiple users using OAuth Management feature and one of them inputs some crafted value on the OAuth Management page, an arbitrary script may be executed on the web browser of the other user who accessed th...

6.2AI score0.00271EPSS
Exploits0References2
Rows per page
Query Builder