LOCKON EC-CUBE Social-button Premium Plugin Cross-Site Scripting Vulnerability

LOCKON EC-CUBE is an open source e-commerce website building platform developed by Japan LOCKON Co. A cross-site scripting vulnerability exists in version 1.0 of the Social-button Premium plugin for LOCKON EC-CUBE 2.13.x. The vulnerability can be exploited to inject arbitrary Web script or HTML. ...

CVE-2016-1180

Cross-site scripting XSS vulnerability in the Cyber-Will Social-button Premium plugin before 1.1 for EC-CUBE 2.13.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...