Information from EC-CUBE CO.,LTD.
Vulnerability ID:JVN#04785663
Title:Multiple cross-site scripting vulnerabilities in EC-CUBE
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
The details of the vulnerability and how to fix it are described below.
1. XSS on EC-CUBE4
Risk Level:
low
Version with the Vulnerability:
4.0.0~4.0.6-p2
4.1.0~4.1.2-p1
4.2.0
Details of the informaiton
https://www.ec-cube.net/info/weakness/20230214/
2.XSS on EC-CUBE3
Risk Level:
low
Version with the Vulnerability:
3.0.0 ~ 3.0.18-p5
Details of the informaiton
https://www.ec-cube.net/info/weakness/20230214/index_3.php
3. XSS on EC-CUBE2
Risk Level:
low
Version with the Vulnerability:
2.11.0~2.11.5
2.12.0~2.12.6
2.13.0~2.13.5
2.17.0~2.17.2
Details of the informaiton
https://www.ec-cube.net/info/weakness/20230214/index_2.php
