Search for packages
| purl | pkg:composer/ec-cube/ec-cube@2.17.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-he32-4cf1-akf5
Aliases: CVE-2023-22438 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-9xhp-yr36-4qak | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the product. |
CVE-2023-40281
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:45:36.344749+00:00 | GitLab Importer | Fixing | VCID-9xhp-yr36-4qak | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2023-40281.yml | 38.6.0 |
| 2026-06-02T04:44:11.297686+00:00 | GitLab Importer | Affected by | VCID-he32-4cf1-akf5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ec-cube/ec-cube/CVE-2023-22438.yml | 38.6.0 |