Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ec-cube ec-cube vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-21179
Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series) allows a remote unauthenticated malicious user to hijack the authentication of an ad...
Ec-cube E-mail Newsletter Management
6.5
CVSSv3
CVE-2021-20841
Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated malicious user to bypass access restriction and to alter System settings via unspecified vectors.
Ec-cube Ec-cube
6.5
CVSSv3
CVE-2021-20842
Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote malicious user to hijack the authentication of Administrator and delete Administrator via a specially crafted web page.
Ec-cube Ec-cube
6.1
CVSSv3
CVE-2021-20825
Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and previous versions allows a remote malicious user to inject an arbitrary script via unspecified vectors.
Shiro8 List \\(order Management\\) Item Change
6.1
CVSSv3
CVE-2021-20828
Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote malicious user to inject an arbitrary script via unspecified vectors.
Activefusions Order Status Batch Change
7.5
CVSSv3
CVE-2021-20778
Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote malicious user to bypass access restriction and obtain sensitive information via unspecified vectors.
Ec-cube Ec-cube 4.0.6
6.1
CVSSv3
CVE-2021-20751
Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote malicious user to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.
Ec-cube Ec-cube
Ec-cube Ec-cube 4.0.5.
6.1
CVSSv3
CVE-2021-20750
Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote malicious user to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perfo...
Ec-cube Ec-cube
Ec-cube Ec-cube 3.0.18
Ec-cube Ec-cube 4.0.5
6.1
CVSSv3
CVE-2021-20742
Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote malicious user to inject an arbitrary script via unspecified vector.
Ec-cube Business Form Output
6.1
CVSSv3
CVE-2021-20743
Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.4 allows a remote malicious user to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operatio...
Ec-cube Email Newsletters Management
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »