CVE-2023-40281
Summary
| CVE | CVE-2023-40281 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-17 07:15:00 UTC |
| Updated | 2023-08-23 15:27:00 UTC |
| Description | EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of the Management page. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of another administrator or of a user who accessed the website using the product. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ec-cube | Ec-cube | All | All | All | All |
| Application | Ec-cube | Ec-cube | 2.13.5 | - | All | All |
| Application | Ec-cube | Ec-cube | 2.13.5 | patch1 | All | All |
| Application | Ec-cube | Ec-cube | 2.17.2 | - | All | All |
| Application | Ec-cube | Ec-cube | 2.17.2 | patch1 | All | All |
| Application | Ec-cube | Ec-cube | All | All | All | All |
| Application | Ec-cube | Ec-cube | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cross-site scripting vulnerability in the EC-CUBE 2 series (JVN#46993816) | MISC | www.ec-cube.net | |
| JVN#46993816: EC-CUBE 2 series vulnerable to cross-site scripting | MISC | jvn.jp | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.