Ec-cube@2.11.0 Security Vulnerabilities and Issues — Ec-cube@2.11.0 CVE List

Lucene search

LockonEc-cube2.11.0

3 matches found

CVE•added 2011/02/03 4:0 p.m.•35 views

CVE-2011-0451

Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.0048EPSS

CVE•added 2011/05/13 5:5 p.m.•30 views

CVE-2011-1325

Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

5.8CVSS7.3AI score0.00164EPSS

CVE•added 2011/10/21 6:55 p.m.•29 views

CVE-2011-3988

SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5CVSS8.6AI score0.01208EPSS