Search for packages
| purl | pkg:composer/ec-cube/ec-cube@2.11.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9xhp-yr36-4qak
Aliases: CVE-2023-40281 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the product. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-he32-4cf1-akf5
Aliases: CVE-2023-22438 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:45:36.307242+00:00 | GitLab Importer | Affected by | VCID-9xhp-yr36-4qak | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2023-40281.yml | 38.6.0 |
| 2026-06-02T04:44:11.269258+00:00 | GitLab Importer | Affected by | VCID-he32-4cf1-akf5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2023-22438.yml | 38.6.0 |