Lucene search

GoogleOSV:CVE-2023-22438

HistoryMar 06, 2023 - 12:15 a.m.

CVE-2023-22438

2023-03-0600:15:10

Google

osv.dev

cve-2023-22438

contents management

ec-cube 4

ec-cube 3

ec-cube 2

authenticated attacker

arbitrary script

software

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.3%

JSON

Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.

CPENameOperatorVersion
ec-cubeeq3.0.12
ec-cubeeqco/20191128
ec-cubeeq3.0.17
ec-cubeeq4.2.0-beta-20220722
ec-cubeeqeccube-2.17.0
ec-cubeeq4.0.5-p1
ec-cubeeqco/20191031
ec-cubeeq3.0.0-beta3
ec-cubeeqco/20190905
ec-cubeeq4.0.5

Name	Operator	Version
ec-cube	eq	3.0.12
ec-cube	eq	co/20191128
ec-cube	eq	3.0.17
ec-cube	eq	4.2.0-beta-20220722
ec-cube	eq	eccube-2.17.0
ec-cube	eq	4.0.5-p1
ec-cube	eq	co/20191031
ec-cube	eq	3.0.0-beta3
ec-cube	eq	co/20190905
ec-cube	eq	4.0.5

Rows per page:

1-10 of 1081

References

jvn.jp/en/jp/JVN04785663/

www.ec-cube.net/info/weakness/20230214/

www.ec-cube.net/info/weakness/20230214/index_2.php

www.ec-cube.net/info/weakness/20230214/index_3.php