Описание
Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.
Ссылки
- Third Party Advisory
- Product
- Third Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1Версия до 1.1 (включая)
Одновременно
cpe:2.3:a:shiro8:list_\(order_management\)_item_change:*:*:*:*:*:*:*:*
cpe:2.3:a:ec-cube:ec-cube:3.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00297
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.
EPSS
Процентиль: 53%
0.00297
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79