Published: 2022/09/15  Last Updated: 2022/09/20

Information from EC-CUBE CO.,LTD.

Vulnerability ID:JVN#21213852
Title:Multiple vulnerabilities in EC-CUBE
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

The details of the vulnerability and how to fix it are described below.

Directory traversal
https://www.ec-cube.net/info/weakness/20220909/

DOM Based XSS
https://www.ec-cube.net/info/weakness/20220909/xss.php

update history

2022/09/20