First published: Fri Sep 07 2018(Updated: )
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Ec-cube Ec-cube Payment Module | <=2.3.17 | |
Gmo-pg Gmo-pg Payment Module | <=2.3.17 | |
EC-CUBE EC-CUBE | =2.11 | |
Ec-cube Ec-cube Payment Module | <=3.5.23 | |
Gmo-pg Gmo-pg Payment Module | <=3.5.23 | |
EC-CUBE EC-CUBE | =2.12 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-0657 is a cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module.
The affected software versions for CVE-2018-0657 are EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier.
The severity of CVE-2018-0657 is medium with a severity value of 4.8.
To fix the cross-site scripting vulnerability, update EC-CUBE Payment Module to version 3.5.24 (or later) and GMO-PG Payment Module to version 3.5.24 (or later).
You can find more information about CVE-2018-0657 at the following link: [CVE-2018-0657](http://jvn.jp/en/jp/JVN06372244/index.html)