Published: 2021/06/23  Last Updated: 2021/06/23

Information from EC-CUBE CO.,LTD.

Vulnerability ID:JVN#95292458
Title:Multiple cross-site scripting vulnerabilities in EC-CUBE
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

The details of the vulnerability and how to fix it are described below.

EC-CUBE ver 3
https://www.ec-cube.net/info/weakness/weakness.php?id=79

EC-CUBE ver 4
https://www.ec-cube.net/info/weakness/weakness.php?id=78