Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ec-cube vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2018-0658
Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and previous versions, EC-CUBE Payment Module (2.11) version 2.3.17 and previous versions, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and previous versions, GMO-PG Payment Module (P...
Gmo-pg Gmo-pg Payment Module
Ec-cube Ec-cube Payment Module
6.1
CVSSv3
CVE-2021-20717
Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote malicious user to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the adminis...
1 Github repository
5.3
CVSSv3
CVE-2023-27919
Authentication bypass vulnerability in NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all versions allows a remote unauthenticated malicious user to alter the information stored in the system.
Next-engine Next Engine Integration
6.1
CVSSv3
CVE-2021-20828
Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote malicious user to inject an arbitrary script via unspecified vectors.
Activefusions Order Status Batch Change
4.3
CVSSv3
CVE-2015-7784
SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin prior to 1.1 and (2) BbAdminViewsControl plugin prior to 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Bokublock Bbadminviewscontrol
Bokublock Bbadminviewscontrol213
6.1
CVSSv3
CVE-2016-1180
Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-button Premium plugin prior to 1.1 for EC-CUBE 2.13.x allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Cyber-will Social-button Premium
6.1
CVSSv3
CVE-2021-20825
Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and previous versions allows a remote malicious user to inject an arbitrary script via unspecified vectors.
Shiro8 List \\(order Management\\) Item Change
6.1
CVSSv3
CVE-2016-1205
Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_ addition_plugin plugin 1.0 and (2) itemdetail_freearea_ addition_plugin plugin 1.0 for EC-CUBE allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Shiro8 Itemdetail Freearea Addition 1.0
Shiro8 Category Freearea Addition 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7