139 matches found
CVE-2013-5996
Multiple cross-site scripting XSS vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values...
CVE-2013-5994
data/class/pages/mypage/LCPageMypageDeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message...
CVE-2013-5993
Cross-site request forgery CSRF vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals...
CVE-2013-5995
data/class/helper/SCHelperAddress.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses...
CVE-2013-5992
Cross-site scripting XSS vulnerability in the displaySystemError function in html/handleerror.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values...
Information disclosure
data/class/pages/mypage/LCPageMypageDeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message...
CVE-2013-5996
Multiple cross-site scripting XSS vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values...
CVE-2013-5994
data/class/pages/mypage/LCPageMypageDeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message...
CVE-2013-5993
Cross-site request forgery CSRF vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals...
CVE-2013-5992
Cross-site scripting XSS vulnerability in the displaySystemError function in html/handleerror.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output...
CVE-2013-5993
EC-CUBE (LOCKON) vulnerable to CSRF in EC-CUBE 2.11.0–2.13.0. The vulnerability allows an attacker to perform unintended actions on behalf of a logged-in user via CSRF vectors. Affected products/versions are EC-CUBE 2.11.x to 2.13.0; root cause is CSRF where a user’s session can be hijacked by vi...
CVE-2013-5995
data/class/helper/SCHelperAddress.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses...
CVE-2013-5996
EC-CUBE vulnerable to cross-site scripting (XSS) in the shopping/payment.tpl components. Affected product/version range: EC-CUBE 2.11.0 through 2.13.0. Root cause described as XSS via crafted values, enabling remote script/HTML execution in the user’s browser. Remediation: apply the update/patch ...
CVE-2013-5994
EC-CUBE information disclosure vulnerability CVE-2013-5994 affects EC-CUBE 2.11.2–2.13.0. The issue allows remote attackers to obtain the server file path via a crafted request, exposing sensitive information in an error message. Affected products are listed in JVN/JVNDB entries (EC-CUBE 2.11.2 t...
CVE-2013-5991
The CVE-2013-5991 vulnerability affects EC-CUBE: the displaySystemError function in html/handle_error.php on LOCKON EC-CUBE versions 2.11.0–2.11.5 can disclose sensitive information due to incorrect handling of error-log output. Affected product is EC-CUBE (LOCKON), with the issue arising in erro...
CVE-2013-5995
CVE-2013-5995 affects EC-CUBE 2.12.3 through 2.13.0 (LOCKON). The issue lies in data/class/helper/SC_Helper_Address.php within the front-features implementation, allowing remote authenticated users to obtain sensitive information via unspecified vectors related to addresses. Connected documents c...
CVE-2013-5992
EC-CUBE 2.11.0–2.11.5 is vulnerable to a Cross-Site Scripting (XSS) flaw in the displaySystemError function that mishandles error-message output. The root cause is improper escaping/output handling of error messages in html/handle_error.php, allowing remote attackers to inject arbitrary script/HT...
JVN#61077110: EC-CUBE vulnerable to information disclosure
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error logs, which may lead to information disclosure. Impact A user who visits the shopping site may view the information managed by the website owner...