2 matches found
PT-2025-47617
Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user...
EC-CUBE vulnerable to directory traversal
Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains a directory traversal vulnerability CWE-22. EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LTD. coordinated under the Information Security Early Warning...