Lucene search
+L

14 matches found

jvn
jvn
added 2018/11/28 12:0 a.m.124 views

JVN#25359688: EC-CUBE vulnerable to open redirect

EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted page, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a...

6.1CVSS6.1AI score0.01297EPSS
Exploits0
jvn
jvn
added 2016/04/26 12:0 a.m.26 views

JVN#47473944: EC-CUBE fails to restrict access permissions

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE fails to restrict access permissions. Impact A remote attacker may bypass IP address restrictions and access the login page to the management screen. Solution Apply the update or the patch Apply the upda...

5.3CVSS5.5AI score0.01301EPSS
Exploits0
jvn
jvn
added 2015/07/24 12:0 a.m.43 views

JVN#97971874: Welcart vulnerable to cross-site scripting

Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting CWE-79 vulnerability due to the processing of uscesreferer parameter in admin.php. Impact If a user views a malicious page while logged into WordPress with this plugin...

4.3CVSS5.8AI score0.02033EPSS
Exploits0
jvn
jvn
added 2014/01/22 12:0 a.m.30 views

JVN#17849447: EC-CUBE vulnerable to information alteration

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information alteration vulnerability. Impact User's information may be altered by other user who visits the shopping site. Solution Apply the update or the patch Apply the update or the patch...

6.4CVSS6.3AI score0.01569EPSS
Exploits1
jvn
jvn
added 2013/09/13 12:0 a.m.37 views

JVN#77455005: ChamaCargo vulnerable to cross-site scripting

ChamaCargo provided by ChamaNet is a system for creating shopping websites. ChamaCargo contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version according to the information provided b...

4.3CVSS6AI score0.01148EPSS
Exploits0
jvn
jvn
added 2013/06/27 12:0 a.m.40 views

JVN#34900750: EC-CUBE vulnerable to code injection

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a code injection vulnerability. Impact Arbitrary PHP code may be executed with the privilege of the application on the server where it resides. Solution Apply the update or patch Apply the updat...

7.5CVSS6.9AI score0.04285EPSS
Exploits0
jvn
jvn
added 2013/06/27 12:0 a.m.30 views

JVN#07192063: EC-CUBE vulnerable to cross-site scripting

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN98665228. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the update ...

4.3CVSS5.8AI score0.05932EPSS
Exploits0
jvn
jvn
added 2013/05/23 12:0 a.m.27 views

JVN#52552792: EC-CUBE vulnerable to cross-site scripting

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in handling the output of parameters, which may result in cross-site scripting. Impact When a user accesses a specially crafted URL while there is an item in the shopping cart, a...

4.3CVSS6.3AI score0.01792EPSS
Exploits0
jvn
jvn
added 2012/12/14 12:0 a.m.36 views

JVN#53269985: Welcart vulnerable to cross-site request forgery

Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site request forgery vulnerability. Impact If a logged in user views a malicious page after an item has been added in the shopping cart, the purchase process may unexpectedly be complete...

6.8CVSS6.1AI score0.0107EPSS
Exploits0
jvn
jvn
added 2012/12/14 12:0 a.m.33 views

JVN#18731696: Welcart vulnerable to cross-site scripting

Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the management page of Welcart. Solution Update the software Update to the latest version according to the...

4.3CVSS5.8AI score0.01948EPSS
Exploits0
jvn
jvn
added 2011/05/10 12:0 a.m.40 views

JVN#37878530: EC-CUBE vulnerable to cross-site request forgery

EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, information stored within EC-CUBE may be altered. Solution Update the Software Apply t...

5.8CVSS6AI score0.0061EPSS
Exploits0
jvn
jvn
added 2008/10/01 12:0 a.m.31 views

JVN#26621646 EC-CUBE cross-site scripting vulnerability

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN36085487, and JVN99916563. Impact An arbitrary script could be executed on the user's web browser...

4.3CVSS5.7AI score0.01223EPSS
Exploits0
jvn
jvn
added 2008/10/01 12:0 a.m.27 views

JVN#36085487 EC-CUBE cross-site scripting vulnerability

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, and JVN99916563. Impact An arbitrary script could be executed on the user's web browser...

4.3CVSS5.7AI score0.01065EPSS
Exploits0
jvn
jvn
added 2008/10/01 12:0 a.m.32 views

JVN#99916563 EC-CUBE cross-site scripting vulnerability

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, and JVN36085487. Impact An arbitrary script could be executed on the user's web browser...

4.3CVSS5.7AI score0.01223EPSS
Exploits0
Rows per page
Query Builder