Search for packages
| purl | pkg:composer/ec-cube/ec-cube@2.17.0 |
| Tags | Ghost |
| Next non-vulnerable version | 3.1.0-alpha |
| Latest non-vulnerable version | 3.1.0-alpha |
| Risk | 1.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-8bj1-htby-r3hb
Aliases: CVE-2023-22438 |
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script. |
Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-nk88-qzd2-x7hv
Aliases: CVE-2023-40281 |
EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the product. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T15:46:50.219262+00:00 | GitLab Importer | Affected by | VCID-nk88-qzd2-x7hv | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2023-40281.yml | 38.6.0 |
| 2026-06-12T15:45:41.102723+00:00 | GitLab Importer | Affected by | VCID-8bj1-htby-r3hb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2023-22438.yml | 38.6.0 |