1263 matches found
CVE-2008-4537
Cross-site scripting XSS vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 BetaRC 2.1.1-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17336 and earlier allows remote attackers to inject...
CVE-2008-4534
EC-CUBE contains a SQL injection vulnerability in Version 2.x (2.1.2a and earlier, and 2.x RC 2.3.0-rc1 and earlier). The root cause is unsafeguarded SQL construction via unspecified vectors, allowing remote attackers to execute arbitrary SQL commands. Impact described includes potential elevatio...
CVE-2008-4537
CVE-2008-4537 is an XSS vulnerability reported in EC-CUBE across multiple editions (e.g., Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.1.1-beta and earlier, Community Edition 1.3.4 and earlier, and Nightly-Build r17336 and earlier). The vulner...
CVE-2008-4535
EC-CUBE has multiple cross-site scripting (XSS) vulnerabilities documented as CVE-2008-4535, CVE-2008-4536, and CVE-2008-4537. Affected versions span EC-CUBE Ver1 and Ver2 lineups (including Community Edition Nightly-Builds up to specified revisions and beta RCs). The descriptions indicate that r...
CVE-2008-4536
EC-CUBE is affected by a cross-site scripting (XSS) vulnerability in multiple releases: Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.2.0-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17319/r17623 (...
CVE-2008-4536
Cross-site scripting XSS vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 BetaRC 2.2.0-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17319 and earlier allows remote attackers to inject...
CVE-2008-4535
Cross-site scripting XSS vulnerability in EC-CUBE Ver2 2.1.2a and earlier, EC-CUBE Ver2 BetaRC 2.2.0-beta and earlier, and EC-CUBE Community Edition Nighly-Build r17623 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than...
CVE-2008-4537
Cross-site scripting XSS vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 BetaRC 2.1.1-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17336 and earlier allows remote attackers to inject...
CVE-2008-4534
SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ver2 RC 2.3.0-rc1 and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
EC-CUBE cross-site scripting vulnerability
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN36085487, a...
EC-CUBE cross-site scripting vulnerability
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, a...
EC-CUBE cross-site scripting vulnerability
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, a...
EC-CUBE vulnerable to SQL injection
Overview EC-CUBE provided by LOCKON CO.,LTD. contains a SQL injection vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability. Impact An remote attacker could obtain the website administrator's privilege...
JVN#26621646 EC-CUBE cross-site scripting vulnerability
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN36085487, and JVN99916563. Impact An arbitrary script could be executed on the user's web browser...
JVN#36085487 EC-CUBE cross-site scripting vulnerability
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, and JVN99916563. Impact An arbitrary script could be executed on the user's web browser...
JVN#81111541 EC-CUBE vulnerable to SQL injection
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a SQL injection vulnerability. Impact A remote attacker could obtain the website administrator's privilege which was created using EC-CUBE. Solution Update the Software Apply the latest updates...
JVN#99916563 EC-CUBE cross-site scripting vulnerability
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, and JVN36085487. Impact An arbitrary script could be executed on the user's web browser...
Unfixed XSS vulnerability at www.ec-securehost.com
Security researcher fallingmidget, has submitted on 19/06/2008 a cross-site-scripting XSS vulnerability affecting www.ec-securehost.com, which at the time of submission ranked 325136 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/07/2008. I...
EC-CUBE cross-site scripting vulnerability
Overview EC-CUBE, an open source system for creating shopping websites, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution None...
CVE-2006-6108
Cross-site scripting XSS vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors...