Latest ec-cube ec-cube Vulnerabilities

EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template...
EC-CUBE EC-CUBE>=3.0.0<=3.0.18
EC-CUBE EC-CUBE>=4.0.0<=4.0.6
EC-CUBE EC-CUBE>=4.1.0<=4.1.2
EC-CUBE EC-CUBE>=4.2.0<4.2.3
EC-CUBE EC-CUBE=3.0.18-p1
EC-CUBE EC-CUBE=3.0.18-p2
and 9 more
EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be e...
EC-CUBE EC-CUBE>=2.11.0<=2.11.5
EC-CUBE EC-CUBE>=2.12.0<=2.12.6
EC-CUBE EC-CUBE>=2.13.0<2.13.5
EC-CUBE EC-CUBE>=2.17.0<2.17.2
EC-CUBE EC-CUBE=2.13.5
EC-CUBE EC-CUBE=2.13.5-patch1
and 2 more
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitra...
EC-CUBE EC-CUBE>=4.0.0<=4.0.6
EC-CUBE EC-CUBE>=4.1.0<=4.1.2
EC-CUBE EC-CUBE=4.0.6-p1
EC-CUBE EC-CUBE=4.0.6-p2
EC-CUBE EC-CUBE=4.1.2-p1
EC-CUBE EC-CUBE=4.2.0
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to...
EC-CUBE EC-CUBE>=4.0.0<=4.0.6
EC-CUBE EC-CUBE>=4.1.0<=4.1.2
EC-CUBE EC-CUBE=4.0.6-p1
EC-CUBE EC-CUBE=4.0.6-p2
EC-CUBE EC-CUBE=4.1.2-p1
EC-CUBE EC-CUBE=4.2.0
Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privileg...
EC-CUBE EC-CUBE>=3.0.0<3.0.18
EC-CUBE EC-CUBE>=4.0.0<=4.1.2
EC-CUBE EC-CUBE=3.0.18
EC-CUBE EC-CUBE=3.0.18-p1
EC-CUBE EC-CUBE=3.0.18-p2
EC-CUBE EC-CUBE=3.0.18-p3
and 1 more
DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visi...
EC-CUBE EC-CUBE>=4.0.0<=4.1.2
EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an...
EC-CUBE EC-CUBE>=3.0.0<3.0.18
EC-CUBE EC-CUBE>=4.0.0<=4.1.1
EC-CUBE EC-CUBE=3.0.18
EC-CUBE EC-CUBE=3.0.18-p1
EC-CUBE EC-CUBE=3.0.18-p2
EC-CUBE EC-CUBE=3.0.18-p3
Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vecto...
EC-CUBE EC-CUBE>=2.11.2<=2.17.1
Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially cra...
EC-CUBE EC-CUBE>=2.11.0<=2.17.1
Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote attacker to inject an arbitrary script via unspecified vectors.
Activefusions Order Status Batch Change
EC-CUBE EC-CUBE=3.0.0
Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified ve...
Shiro8 List (order Management) Item Change<=1.1
EC-CUBE EC-CUBE=3.0.0
Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially c...
EC-CUBE EC-CUBE>=4.0.0<4.0.5
EC-CUBE EC-CUBE=4.0.5.
Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by l...
EC-CUBE EC-CUBE>=3.0.0<3.0.18
EC-CUBE EC-CUBE>=4.0.0<4.0.5
EC-CUBE EC-CUBE=3.0.18
EC-CUBE EC-CUBE=3.0.18-p1
EC-CUBE EC-CUBE=4.0.5
Cross-site scripting vulnerability in EC-CUBE Category contents plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script by leading an adm...
EC-CUBE Business form output<1.0.1
EC-CUBE EC-CUBE>=3.0.0<=3.0.8
Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecifie...
EC-CUBE Business form output<1.0.1
EC-CUBE EC-CUBE>=3.0.0<=3.0.8
Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by lea...
EC-CUBE Email newsletters management<1.0.4
EC-CUBE EC-CUBE>=3.0.0<=3.0.8
Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE...
EC-CUBE EC-CUBE>=4.0.0<4.0.5
Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.
EC-CUBE EC-CUBE>=3.0.5<=3.0.18
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administr...
EC-CUBE EC-CUBE>=3.0.0<=3.0.18
Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3.0.4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3....
EC-CUBE EC-CUBE>=3.0.0<=3.0.16
Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) ve...
Ec-cube Ec-cube Payment Module<=2.3.17
Gmo-pg Gmo-pg Payment Module<=2.3.17
EC-CUBE EC-CUBE=2.11
Ec-cube Ec-cube Payment Module<=3.5.23
Gmo-pg Gmo-pg Payment Module<=3.5.23
EC-CUBE EC-CUBE=2.12
