Ec-cube Security Vulnerabilities and Issues — Ec-cube CVE List

Lucene search

LockonEc-cube

9 matches found

CVE•added 2013/11/21 4:40 a.m.•40 views

CVE-2013-5992

Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output.

4.3CVSS5.9AI score0.00254EPSS

CVE•added 2013/06/30 8:56 p.m.•36 views

CVE-2013-3653

Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652.

4.3CVSS5.7AI score0.00472EPSS

CVE•added 2013/11/21 4:40 a.m.•36 views

CVE-2013-5996

Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values.

4.3CVSS5.9AI score0.00256EPSS

CVE•added 2011/02/03 4:0 p.m.•35 views

CVE-2011-0451

Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.0048EPSS

CVE•added 2013/06/30 8:56 p.m.•34 views

CVE-2013-3652

Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653.

4.3CVSS5.7AI score0.00472EPSS

CVE•added 2013/11/21 4:40 a.m.•32 views

CVE-2013-5991

The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output.

4.3CVSS6.4AI score0.00283EPSS

CVE•added 2013/05/29 7:55 p.m.•31 views

CVE-2013-2314

Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated with the management screen.

4.3CVSS5.8AI score0.00256EPSS

CVE•added 2013/05/29 7:55 p.m.•29 views

CVE-2013-2313

Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors.

4CVSS6.8AI score0.00312EPSS

CVE•added 2013/05/29 7:55 p.m.•28 views

CVE-2013-2312

Cross-site scripting (XSS) vulnerability in the shopping-cart screen in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS5.8AI score0.00256EPSS