Vulnerabilidades en EC-CUBE CO.,LTD.
26 resultadosCVE-2021-20717—Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific iEPSS 2.3%CVE-2014-0808CRITICALAuthorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29EPSS 2.2%CVE-2021-20778—Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sEPSS 2.1%CVE-2020-5590—Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary fiEPSS 2.1%CVE-2023-46845—EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execEPSS 1.6%CVE-2021-20750—Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series)EPSS 1.6%CVE-2020-5680—Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS)EPSS 1.4%CVE-2021-20841—Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access reEPSS 1.3%CVE-2022-25355—EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attEPSS 1.1%CVE-2021-20751—Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary sEPSS 1.1%CVE-2022-40199LOWDirectory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a rEPSS 1.0%CVE-2022-37346CRITICALEC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. EPSS 1.0%CVE-2021-20742—Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a EPSS 0.8%CVE-2021-20743—Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.4 aEPSS 0.8%CVE-2021-20744—Cross-site scripting vulnerability in EC-CUBE Category contents plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remEPSS 0.8%CVE-2023-22438MEDIUMCross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-EPSS 0.7%CVE-2020-5679—Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesEPSS 0.7%CVE-2023-25077—Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0EPSS 0.6%CVE-2022-38975MEDIUMDOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary scEPSS 0.5%CVE-2023-22838—Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1,EPSS 0.5%