N/A

Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE.

N/A

N/A

Ec-cube 跨站脚本漏洞

Ec-cube是日本Ec-cube公司的一套开源的电子商务系统。 EC-CUBE 存在跨站脚本漏洞，该漏洞源于对用户提供的数据的无害化处理不足。攻击者可利用该漏洞欺骗受害者，使其遵循一个专门制作的链接，并在脆弱网站的上下文中在用户的浏览器中执行任意HTML和脚本代码。

N/A

N/A