CVE-2018-0657: XSS
First published: Fri Sep 07 2018(Updated: )
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ec-cube Ec-cube Payment Module | <=2.3.17 | |
| Gmo-pg Gmo-pg Payment Module | <=2.3.17 | |
| EC-CUBE EC-CUBE | =2.11 | |
| Ec-cube Ec-cube Payment Module | <=3.5.23 | |
| Gmo-pg Gmo-pg Payment Module | <=3.5.23 | |
| EC-CUBE EC-CUBE | =2.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-0657?
CVE-2018-0657 is a cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module.
Which software versions are affected by CVE-2018-0657?
The affected software versions for CVE-2018-0657 are EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier.
What is the severity of CVE-2018-0657?
The severity of CVE-2018-0657 is medium with a severity value of 4.8.
How can I fix the cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module?
To fix the cross-site scripting vulnerability, update EC-CUBE Payment Module to version 3.5.24 (or later) and GMO-PG Payment Module to version 3.5.24 (or later).
Where can I find more information about CVE-2018-0657?
You can find more information about CVE-2018-0657 at the following link: [CVE-2018-0657](http://jvn.jp/en/jp/JVN06372244/index.html)
- collector/nvd-index
- vendor/ec-cube
- product/ec-cube payment module
- canonical/ec-cube ec-cube payment module
- vendor/gmo-pg
- product/gmo-pg payment module
- canonical/gmo-pg gmo-pg payment module
- product/ec-cube
- canonical/ec-cube ec-cube