Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and previous versions, Ver1 Beta 1.5.0-beta and previous versions, Ver2 2.1.2a and previous versions, Ver2 Beta(RC) 2.2.0-beta and previous versions, Community Edition 1.3.4 and previous versions, and Community Edition Nightly-Build r17319 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4537.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
ec-cube ec-cube 1.5.0 |
||
ec-cube ec-cube |
||
ec-cube ec-cube 1.0 |
||
ec-cube ec-cube 1.4.7 |
Vulmon