Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:ec-cube:ec-cube:2.13.3:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-40281 |
EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the product. Published: August 17, 2023; 3:15:44 AM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-22438 |
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script. Published: March 05, 2023; 7:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2021-20842 |
Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page. Published: November 24, 2021; 11:15:13 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-20841 |
Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors. Published: November 24, 2021; 11:15:13 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |