Lucene search
+L

1263 matches found

Cvelist
Cvelist
added 2013/06/29 4:0 p.m.22 views

CVE-2013-3652

Cross-site scripting XSS vulnerability in data/class/pages/products/LCPageProductsList.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategoryid2 field, a different vulnerability than CVE-2013-3653...

5.5AI score0.05932EPSS
Exploits0References5
Cvelist
Cvelist
added 2013/06/29 4:0 p.m.24 views

CVE-2013-3653

Multiple cross-site scripting XSS vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652...

5.6AI score0.01792EPSS
Exploits0References5
CVE
CVE
added 2013/06/29 4:0 p.m.46 views

CVE-2013-3652

CVE-2013-3652 is a cross-site scripting (XSS) vulnerability affecting LOCKON EC-CUBE versions 2.11.0 through 2.12.4. The flaw resides in the file data/class/pages/products/LC_Page_Products_List.php and can be exploited by manipulating the field classcategory_id2 to inject arbitrary web script or ...

4.3CVSS5.7AI score0.05932EPSS
Exploits0References5Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 5:33 a.m.8 views

EC-CUBE vulnerable to directory traversal

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN43886811. LOCKON CO.,LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

5CVSS6.9AI score0.01862EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 5:31 a.m.6 views

EC-CUBE vulnerable to cross-site scripting

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN07192063. Ren Hirasawa of Gehirn Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

4.3CVSS6.1AI score0.01792EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 5:31 a.m.4 views

EC-CUBE vulnerable to cross-site scripting

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN98665228. Daiki Ishimori of Gehirn Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

4.3CVSS6.1AI score0.05932EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 5:29 a.m.5 views

EC-CUBE vulnerable to code injection

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a code injection vulnerability. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

7.5CVSS7.3AI score0.04285EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 5:29 a.m.5 views

EC-CUBE vulnerable to directory traversal

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN04161229. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

5CVSS6.8AI score0.01862EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 12:0 a.m.38 views

JVN#04161229: EC-CUBE vulnerable to directory traversal

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN43886811. Impact A remote attacker may obtain arbitrary image files on the server. Solution Apply the updat...

5CVSS6.4AI score0.01862EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 12:0 a.m.35 views

JVN#43886811: EC-CUBE vulnerable to directory traversal

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN04161229. Impact A remote attacker may obtain arbitrary image files on the server. Solution Apply the updat...

5CVSS6.3AI score0.01862EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 12:0 a.m.28 views

JVN#98665228: EC-CUBE vulnerable to cross-site scripting

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN07192063. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the update ...

4.3CVSS5.7AI score0.01792EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 12:0 a.m.30 views

JVN#07192063: EC-CUBE vulnerable to cross-site scripting

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN98665228. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the update ...

4.3CVSS5.8AI score0.05932EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/27 12:0 a.m.40 views

JVN#34900750: EC-CUBE vulnerable to code injection

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a code injection vulnerability. Impact Arbitrary PHP code may be executed with the privilege of the application on the server where it resides. Solution Apply the update or patch Apply the updat...

7.5CVSS6.9AI score0.04285EPSS
Exploits0
NVD
NVD
added 2013/05/29 7:55 p.m.22 views

CVE-2013-2312

Cross-site scripting XSS vulnerability in the shopping-cart screen in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

4.3CVSS5.6AI score0.01792EPSS
Exploits0References4
NVD
NVD
added 2013/05/29 7:55 p.m.10 views

CVE-2013-2315

data/class/pages/forgot/LCPageForgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request...

5CVSS6.2AI score0.01369EPSS
Exploits0References4
NVD
NVD
added 2013/05/29 7:55 p.m.16 views

CVE-2013-2313

Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors...

4CVSS6.7AI score0.01869EPSS
Exploits0References5
NVD
NVD
added 2013/05/29 7:55 p.m.20 views

CVE-2013-2314

Cross-site scripting XSS vulnerability in the adminAuthorization function in data/class/helper/SCHelperSession.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated with the management screen...

4.3CVSS5.6AI score0.01792EPSS
Exploits0References4
Prion
Prion
added 2013/05/29 7:55 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in the shopping-cart screen in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

4.3CVSS6AI score0.01792EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2013/05/29 7:55 p.m.14 views

Session fixation

Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors...

4CVSS7.2AI score0.01869EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2013/05/29 7:0 p.m.49 views

CVE-2013-2313

CVE-2013-2313 refers to a session fixation vulnerability in LOCKON EC-CUBE, affecting EC-CUBE versions 2.11.0 through 2.12.3enP2. The underlying issue allows a remote attacker to hijack a user session, potentially leading to impersonation and unauthorized access or data modification. Public docum...

4CVSS6.8AI score0.01869EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder