CVE-2023-22438 Information

Mar 06, 2023 cve

Description

Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2 EC-CUBE 4.1.0 to 4.1.2-p1 and EC-CUBE 4.2.0) EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5) and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5 EC-CUBE 2.12.0 to 2.12.6 EC-CUBE 2.13.0 to 2.13.5 and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.

Reference

https://www.ec-cube.net/info/weakness/20230214/index_3.php https://www.ec-cube.net/info/weakness/20230214/ https://www.ec-cube.net/info/weakness/20230214/index_2.php https://jvn.jp/en/jp/JVN04785663/

Share on: