638 matches found
EUVD-2022-2871
Malicious code in bioql PyPI...
EUVD-2022-3535
Malicious code in bioql PyPI...
EUVD-2022-6896
Malicious code in bioql PyPI...
CVE-2023-27919
Authentication bypass vulnerability in NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series all versions allows a remote unauthenticated attacker to alter the information stored in the system...
CVE-2023-22438
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0, EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p5, and EC-CUBE 2 series EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, an...
CVE-2022-25355
EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users...
CVE-2022-40199
Directory traversal vulnerability in EC-CUBE 3 series EC-CUBE 3.0.0 to 3.0.18-p4 and EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information...
CVE-2022-21179
Cross-site request forgery CSRF vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 for EC-CUBE 4 series and ver1.0.0 to 1.0.4 for EC-CUBE 3 series allows a remote unauthenticated attacker to hijack the authentication of an administrator via a specially crafted pag...
CVE-2021-20743
Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin for EC-CUBE 3.0 series versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation...
CVE-2021-20717
Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser...
CVE-2021-20744
Cross-site scripting vulnerability in EC-CUBE Category contents plugin for EC-CUBE 3.0 series versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation...
CVE-2021-20825
Cross-site scripting vulnerability in List order management item change plug-in for EC-CUBE 3.0 series Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20750
Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 EC-CUBE 3 series and EC-CUBE 4.0.0 to 4.0.5-p1 EC-CUBE 4 series allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation...
CVE-2021-20751
Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 EC-CUBE 4 series allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation...
CVE-2021-20742
Cross-site scripting vulnerability in EC-CUBE Business form output plugin for EC-CUBE 3.0 series versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector...
CVE-2021-20841
Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors...
CVE-2021-20842
Cross-site request forgery CSRF vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page...
CVE-2021-20778
Improper access control vulnerability in EC-CUBE 4.0.6 EC-CUBE 4 series allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors...
CVE-2021-20828
Cross-site scripting vulnerability in Order Status Batch Change Plug-in for EC-CUBE 3.0 series all versions allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2020-5590
Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors...