Vulnerabilities > EC Cube > EC Cube > 2.13.1

DATE CVE VULNERABILITY TITLE RISK
2023-08-17 CVE-2023-40281 Cross-site Scripting vulnerability in Ec-Cube
EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the product.
network
low complexity
ec-cube CWE-79
4.8
2023-03-06 CVE-2023-22438 Cross-site Scripting vulnerability in Ec-Cube
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.
network
low complexity
ec-cube CWE-79
5.4
2021-11-24 CVE-2021-20841 Unspecified vulnerability in Ec-Cube
Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors.
network
low complexity
ec-cube
4.0
2021-11-24 CVE-2021-20842 Cross-Site Request Forgery (CSRF) vulnerability in Ec-Cube
Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page.
network
ec-cube CWE-352
4.3