Published: 2021/09/13
Last Updated: 2021/09/13
Information from shiro8 Co., Ltd.
Vulnerability ID: JVN#46313661
Title: EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting
Status: Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
In EC-CUBE 3.0 plug-in "List (order management) item change plug-in" Ver.1.1 and earlier, there is a cross-site scripting vulnerability.
Arbitrary scripts may be executed on the web browser of the user who accessed the management screen of the product.