EC CUBE Unspecified Cross-Site Scripting Vulnerability
BID:21146
CVE-2006-6108 |Info
EC CUBE Unspecified Cross-Site Scripting Vulnerability
| Bugtraq ID: | 21146 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 17 2006 12:00AM |
| Updated: | Nov 22 2006 04:00PM |
| Credit: | Fukumori is credited with the discovery of this vulnerability. |
| Vulnerable: |
EC-CUBE EC-CUBE 1.0 |
| Not Vulnerable: |
EC-CUBE EC-CUBE 1.0.1a beta |
Discussion
EC CUBE Unspecified Cross-Site Scripting Vulnerability
EC-CUBE is prone to an unspecified cross-site scripting vulnerability.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Version 1.0.0 is vulnerable.
EC-CUBE is prone to an unspecified cross-site scripting vulnerability.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Version 1.0.0 is vulnerable.
Exploit / POC
EC CUBE Unspecified Cross-Site Scripting Vulnerability
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
EC CUBE Unspecified Cross-Site Scripting Vulnerability
Solution:
The vendor has released a fix to address this issue. Please see the references section for further information.
EC-CUBE EC-CUBE 1.0
Solution:
The vendor has released a fix to address this issue. Please see the references section for further information.
EC-CUBE EC-CUBE 1.0
-
EC-CUBE eccube-1.0.1a-beta.tar.gz
http://downloads.ec-cube.net/src/eccube-1.0.1a-beta.tar.gz