Описание
EC-CUBE Cross-site scripting vulnerability
Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.
Пакеты
Наименование
ec-cube/ec-cube
composer
Затронутые версииВерсия исправления
>= 3.0.0, <= 3.0.18-p2
Отсутствует
Наименование
ec-cube/ec-cube
composer
Затронутые версииВерсия исправления
>= 4.0.0, <= 4.0.5-p1
4.0.6
Связанные уязвимости
CVSS3: 6.1
nvd
больше 4 лет назад
Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.