Known Vulnerabilities for products from Ec-cube
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ec-cube".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-52823 | | Not Provided | 2025-08-14 | 2026-04-23 |
| CVE-2023-46845 | EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbi... | 7.2 - HIGH | 2023-11-07 | 2023-11-15 |
| CVE-2023-40281 | EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Managem... | 4.8 - MEDIUM | 2023-08-17 | 2023-08-23 |
| CVE-2023-25077 | Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, an... | 5.4 - MEDIUM | 2023-03-06 | 2023-03-13 |
| CVE-2023-22838 | Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1... | 5.4 - MEDIUM | 2023-03-06 | 2023-03-13 |
| CVE-2023-22438 | Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.... | 5.4 - MEDIUM | 2023-03-06 | 2023-03-13 |
| CVE-2022-40199 | Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.... | 2.7 - LOW | 2022-09-27 | 2022-09-29 |
| CVE-2022-38975 | DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject ... | 5.4 - MEDIUM | 2022-09-27 | 2022-09-29 |
| CVE-2022-37346 | EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when up... | 9.8 - CRITICAL | 2022-09-27 | 2022-09-30 |
| CVE-2022-25355 | EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unau... | 5.3 - MEDIUM | 2022-02-24 | 2023-08-08 |
| CVE-2022-21179 | Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC... | 4.3 - MEDIUM | 2022-02-24 | 2022-03-03 |
| CVE-2021-20842 | Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the a... | 6.5 - MEDIUM | 2021-11-24 | 2021-11-27 |
| CVE-2021-20841 | Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to b... | 6.5 - MEDIUM | 2021-11-24 | 2022-07-12 |
| CVE-2021-20828 | Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote... | 6.1 - MEDIUM | 2021-09-17 | 2021-09-28 |
| CVE-2021-20825 | Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and earlie... | 6.1 - MEDIUM | 2021-09-17 | 2021-10-18 |
| CVE-2021-20778 | Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restricti... | 7.5 - HIGH | 2021-07-01 | 2022-06-28 |
| CVE-2021-20751 | Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject... | 6.1 - MEDIUM | 2021-06-28 | 2021-07-07 |
| CVE-2021-20750 | Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC... | 6.1 - MEDIUM | 2021-06-28 | 2021-07-07 |
| CVE-2021-20744 | Cross-site scripting vulnerability in EC-CUBE Category contents plugin (for EC-CUBE 3.0 series) versions prior to version 1.0... | 6.1 - MEDIUM | 2021-06-22 | 2021-06-24 |
| CVE-2021-20743 | Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 series) versions prior to ... | 6.1 - MEDIUM | 2021-06-22 | 2021-06-24 |
Known software with vulnerabilities from Ec-cube
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ec-cube | Amazon Pay | - |
| Application | Ec-cube | Discount Coupon | 1.0 |
| Application | Ec-cube | Ec-cube | 1.1.1 |
| Application | Ec-cube | Ec-cube Payment Module | - |