Vulnerabilities > Lockon > EC Cube > 2.5.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-06-30 | CVE-2013-3653 | Cross-Site Scripting vulnerability in Lockon Ec-Cube Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652. | 4.3 |
2013-06-30 | CVE-2013-3650 | Path Traversal vulnerability in Lockon Ec-Cube Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different vulnerability than CVE-2013-3654. | 5.0 |
2011-05-13 | CVE-2011-1325 | Cross-Site Request Forgery (CSRF) vulnerability in Lockon Ec-Cube Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 5.8 |