Published: 2021/06/23  Last Updated: 2021/06/23

Information from EC-CUBE CO.,LTD.

Vulnerability ID:JVN#95292458
Title:Multiple cross-site scripting vulnerabilities in EC-CUBE

This is a statement from the vendor itself with no modification by JPCERT/CC.

The details of the vulnerability and how to fix it are described below.

EC-CUBE ver 3

EC-CUBE ver 4