Lucene search
+L

139 matches found

NVD
NVD
added 2013/11/21 4:40 a.m.14 views

CVE-2013-5996

Multiple cross-site scripting XSS vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values...

4.3CVSS5.8AI score0.01883EPSS
Exploits1References4
NVD
NVD
added 2013/11/21 4:40 a.m.19 views

CVE-2013-5994

data/class/pages/mypage/LCPageMypageDeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message...

5CVSS6.1AI score0.01504EPSS
Exploits1References4
NVD
NVD
added 2013/11/21 4:40 a.m.18 views

CVE-2013-5993

Cross-site request forgery CSRF vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals...

6.8CVSS7.2AI score0.01079EPSS
Exploits1References4
NVD
NVD
added 2013/11/21 4:40 a.m.16 views

CVE-2013-5995

data/class/helper/SCHelperAddress.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses...

5.5CVSS5.7AI score0.01172EPSS
Exploits1References4
NVD
NVD
added 2013/11/21 4:40 a.m.16 views

CVE-2013-5992

Cross-site scripting XSS vulnerability in the displaySystemError function in html/handleerror.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output...

4.3CVSS5.7AI score0.01207EPSS
Exploits1References3
Prion
Prion
added 2013/11/21 4:40 a.m.19 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals...

6.8CVSS7.7AI score0.01079EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2013/11/21 4:40 a.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values...

4.3CVSS6AI score0.01883EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2013/11/21 4:40 a.m.21 views

Information disclosure

data/class/pages/mypage/LCPageMypageDeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message...

5CVSS6.6AI score0.01504EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2013/11/21 2:0 a.m.19 views

CVE-2013-5996

Multiple cross-site scripting XSS vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values...

5.8AI score0.01883EPSS
Exploits1References4
Cvelist
Cvelist
added 2013/11/21 2:0 a.m.20 views

CVE-2013-5994

data/class/pages/mypage/LCPageMypageDeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message...

6.1AI score0.01504EPSS
Exploits1References4
Cvelist
Cvelist
added 2013/11/21 2:0 a.m.25 views

CVE-2013-5993

Cross-site request forgery CSRF vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals...

7.2AI score0.01079EPSS
Exploits1References4
Cvelist
Cvelist
added 2013/11/21 2:0 a.m.19 views

CVE-2013-5992

Cross-site scripting XSS vulnerability in the displaySystemError function in html/handleerror.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output...

5.7AI score0.01207EPSS
Exploits1References3
CVE
CVE
added 2013/11/21 2:0 a.m.98 views

CVE-2013-5993

EC-CUBE (LOCKON) vulnerable to CSRF in EC-CUBE 2.11.0–2.13.0. The vulnerability allows an attacker to perform unintended actions on behalf of a logged-in user via CSRF vectors. Affected products/versions are EC-CUBE 2.11.x to 2.13.0; root cause is CSRF where a user’s session can be hijacked by vi...

6.8CVSS7.3AI score0.01079EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2013/11/21 2:0 a.m.25 views

CVE-2013-5995

data/class/helper/SCHelperAddress.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses...

5.7AI score0.01172EPSS
Exploits1References4
CVE
CVE
added 2013/11/21 2:0 a.m.49 views

CVE-2013-5996

EC-CUBE vulnerable to cross-site scripting (XSS) in the shopping/payment.tpl components. Affected product/version range: EC-CUBE 2.11.0 through 2.13.0. Root cause described as XSS via crafted values, enabling remote script/HTML execution in the user’s browser. Remediation: apply the update/patch ...

4.3CVSS5.9AI score0.01883EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2013/11/21 2:0 a.m.44 views

CVE-2013-5994

EC-CUBE information disclosure vulnerability CVE-2013-5994 affects EC-CUBE 2.11.2–2.13.0. The issue allows remote attackers to obtain the server file path via a crafted request, exposing sensitive information in an error message. Affected products are listed in JVN/JVNDB entries (EC-CUBE 2.11.2 t...

5CVSS6.3AI score0.01504EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2013/11/21 2:0 a.m.47 views

CVE-2013-5991

The CVE-2013-5991 vulnerability affects EC-CUBE: the displaySystemError function in html/handle_error.php on LOCKON EC-CUBE versions 2.11.0–2.11.5 can disclose sensitive information due to incorrect handling of error-log output. Affected product is EC-CUBE (LOCKON), with the issue arising in erro...

4.3CVSS6.4AI score0.01309EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2013/11/21 2:0 a.m.44 views

CVE-2013-5995

CVE-2013-5995 affects EC-CUBE 2.12.3 through 2.13.0 (LOCKON). The issue lies in data/class/helper/SC_Helper_Address.php within the front-features implementation, allowing remote authenticated users to obtain sensitive information via unspecified vectors related to addresses. Connected documents c...

5.5CVSS5.8AI score0.01172EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2013/11/21 2:0 a.m.53 views

CVE-2013-5992

EC-CUBE 2.11.0–2.11.5 is vulnerable to a Cross-Site Scripting (XSS) flaw in the displaySystemError function that mishandles error-message output. The root cause is improper escaping/output handling of error messages in html/handle_error.php, allowing remote attackers to inject arbitrary script/HT...

4.3CVSS5.9AI score0.01207EPSS
Exploits1References3Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/11/20 12:0 a.m.42 views

JVN#61077110: EC-CUBE vulnerable to information disclosure

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error logs, which may lead to information disclosure. Impact A user who visits the shopping site may view the information managed by the website owner...

4.3CVSS6AI score0.01309EPSS
Exploits1
Rows per page
Query Builder