Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and previous versions, EC-CUBE Payment Module (2.11) version 2.3.17 and previous versions, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and previous versions, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and previous versions) allow an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ec-cube ec-cube payment module |
||
gmo-pg gmo-pg payment module |