Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ec-cube vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-0657
Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and previous versions, EC-CUBE Payment Module (2.11) version 2.3.17 and previous versions, GMO-PG Payment Mo...
Gmo-pg Gmo-pg Payment Module
Ec-cube Ec-cube Payment Module
4.3
CVSSv2
CVE-2021-20717
Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote malicious user to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the adminis...
1 Github repository
NA
CVE-2023-27919
Authentication bypass vulnerability in NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all versions allows a remote unauthenticated malicious user to alter the information stored in the system.
Next-engine Next Engine Integration
4.3
CVSSv2
CVE-2021-20828
Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote malicious user to inject an arbitrary script via unspecified vectors.
Activefusions Order Status Batch Change
4
CVSSv2
CVE-2015-7784
SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin prior to 1.1 and (2) BbAdminViewsControl plugin prior to 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Bokublock Bbadminviewscontrol
Bokublock Bbadminviewscontrol213
4.3
CVSSv2
CVE-2016-1180
Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-button Premium plugin prior to 1.1 for EC-CUBE 2.13.x allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Cyber-will Social-button Premium
4.3
CVSSv2
CVE-2021-20825
Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and previous versions allows a remote malicious user to inject an arbitrary script via unspecified vectors.
Shiro8 List \\(order Management\\) Item Change
4.3
CVSSv2
CVE-2016-1205
Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_ addition_plugin plugin 1.0 and (2) itemdetail_freearea_ addition_plugin plugin 1.0 for EC-CUBE allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Shiro8 Itemdetail Freearea Addition 1.0
Shiro8 Category Freearea Addition 1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7