Information from EC-CUBE CO.,LTD.

Vulnerability ID:JVN#26225832
Title:EC-CUBE plugin (for EC-CUBE 4 series) "EC-CUBE Web API Plugin" vulnerable to stored cross-site scripting
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.