Published: 2023/02/28  Last Updated: 2023/02/28

Information from EC-CUBE CO.,LTD.

Vulnerability ID: JVN#04785663
Title: Multiple cross-site scripting vulnerabilities in EC-CUBE
Status: Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

The details of the vulnerability and how to fix it are described below.


1. XSS on EC-CUBE4

Risk Level:
low

Version with the Vulnerability:

4.0.0~4.0.6-p2
4.1.0~4.1.2-p1
4.2.0

Details of the information
https://www.ec-cube.net/info/weakness/20230214/

2. XSS on EC-CUBE3

Risk Level:
low

Version with the Vulnerability:
3.0.0 ~ 3.0.18-p5

Details of the information
https://www.ec-cube.net/info/weakness/20230214/index_3.php

3. XSS on EC-CUBE2

Risk Level:
low

Version with the Vulnerability:
2.11.0~2.11.5
2.12.0~2.12.6
2.13.0~2.13.5
2.17.0~2.17.2

Details of the information
https://www.ec-cube.net/info/weakness/20230214/index_2.php