N/A

Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.

N/A

N/A

Ec-cube 跨站脚本漏洞

Ec-cube是日本Ec-cube公司的一套开源的电子商务系统。 EC-CUBE存在跨站脚本漏洞，该漏洞允许远程攻击者可利用该漏洞执行跨站点脚本(XSS)攻击。以下产品和版本受影响:EC-CUBE: 4.0 beta, 4.0 beta2, 4.0.0, 4.0.0 rc, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.5 rc, 4.0.5-p1

N/A

N/A