Published:
2021/06/23
Last Updated:
2021/06/23
Information from EC-CUBE CO.,LTD.
Vulnerability ID:JVN#95292458
Title:Multiple cross-site scripting vulnerabilities in EC-CUBE
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
The details of the vulnerability and how to fix it are described below.
EC-CUBE ver 3
https://www.ec-cube.net/info/weakness/weakness.php?id=79
EC-CUBE ver 4
https://www.ec-cube.net/info/weakness/weakness.php?id=78