Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/ec-cube/ec-cube@3.0.0
Typecomposer
Namespaceec-cube
Nameec-cube
Version3.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.1.0-alpha
Latest_non_vulnerable_version3.1.0-alpha
Affected_by_vulnerabilities
0
url VCID-1gnn-818f-dfd3
vulnerability_id VCID-1gnn-818f-dfd3
summary EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where the product is running by a user with an administrative privilege.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46845
reference_id
reference_type
scores
0
value 0.01296
scoring_system epss
scoring_elements 0.80112
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46845
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46845
reference_id CVE-2023-46845
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-46845
2
reference_url https://www.ec-cube.net/info/weakness/20231026/index_3.php
reference_id index_3.php
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T20:27:53Z/
url https://www.ec-cube.net/info/weakness/20231026/index_3.php
3
reference_url https://www.ec-cube.net/info/weakness/20231026/index_40.php
reference_id index_40.php
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T20:27:53Z/
url https://www.ec-cube.net/info/weakness/20231026/index_40.php
4
reference_url https://www.ec-cube.net/info/weakness/20231026/index.php
reference_id index.php
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T20:27:53Z/
url https://www.ec-cube.net/info/weakness/20231026/index.php
5
reference_url https://jvn.jp/en/jp/JVN29195731/
reference_id JVN29195731
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T20:27:53Z/
url https://jvn.jp/en/jp/JVN29195731/
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@3.1.0-alpha
purl pkg:composer/ec-cube/ec-cube@3.1.0-alpha
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.1.0-alpha
1
url pkg:composer/ec-cube/ec-cube@4.0.6-p1
purl pkg:composer/ec-cube/ec-cube@4.0.6-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnn-818f-dfd3
1
vulnerability VCID-8bj1-htby-r3hb
2
vulnerability VCID-h22q-5adj-9bhu
3
vulnerability VCID-kjwz-h6kh-9yhk
4
vulnerability VCID-uc29-6x6h-akb8
5
vulnerability VCID-xnkt-bw6n-mkhz
6
vulnerability VCID-zy4t-p98q-qkb2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.6-p1
2
url pkg:composer/ec-cube/ec-cube@4.1-beta
purl pkg:composer/ec-cube/ec-cube@4.1-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h22q-5adj-9bhu
1
vulnerability VCID-xnkt-bw6n-mkhz
2
vulnerability VCID-zy4t-p98q-qkb2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1-beta
3
url pkg:composer/ec-cube/ec-cube@4.1.2-p1
purl pkg:composer/ec-cube/ec-cube@4.1.2-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnn-818f-dfd3
1
vulnerability VCID-8bj1-htby-r3hb
2
vulnerability VCID-kjwz-h6kh-9yhk
3
vulnerability VCID-uc29-6x6h-akb8
4
vulnerability VCID-xnkt-bw6n-mkhz
5
vulnerability VCID-yjve-1ftj-vqgw
6
vulnerability VCID-zy4t-p98q-qkb2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1.2-p1
4
url pkg:composer/ec-cube/ec-cube@4.2.0-alpha
purl pkg:composer/ec-cube/ec-cube@4.2.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-yjve-1ftj-vqgw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.0-alpha
5
url pkg:composer/ec-cube/ec-cube@4.2.3
purl pkg:composer/ec-cube/ec-cube@4.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-yjve-1ftj-vqgw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.3
aliases CVE-2023-46845
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1gnn-818f-dfd3
1
url VCID-8bj1-htby-r3hb
vulnerability_id VCID-8bj1-htby-r3hb
summary Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22438
reference_id
reference_type
scores
0
value 0.00235
scoring_system epss
scoring_elements 0.46569
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22438
1
reference_url https://www.ec-cube.net/info/weakness/20230214/
reference_id 20230214
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-07T21:46:40Z/
url https://www.ec-cube.net/info/weakness/20230214/
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22438
reference_id CVE-2023-22438
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-22438
3
reference_url https://www.ec-cube.net/info/weakness/20230214/index_2.php
reference_id index_2.php
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-07T21:46:40Z/
url https://www.ec-cube.net/info/weakness/20230214/index_2.php
4
reference_url https://www.ec-cube.net/info/weakness/20230214/index_3.php
reference_id index_3.php
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-07T21:46:40Z/
url https://www.ec-cube.net/info/weakness/20230214/index_3.php
5
reference_url https://jvn.jp/en/jp/JVN04785663/
reference_id JVN04785663
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-07T21:46:40Z/
url https://jvn.jp/en/jp/JVN04785663/
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@3.1.0-alpha
purl pkg:composer/ec-cube/ec-cube@3.1.0-alpha
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.1.0-alpha
1
url pkg:composer/ec-cube/ec-cube@4.0.6-p1
purl pkg:composer/ec-cube/ec-cube@4.0.6-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnn-818f-dfd3
1
vulnerability VCID-8bj1-htby-r3hb
2
vulnerability VCID-h22q-5adj-9bhu
3
vulnerability VCID-kjwz-h6kh-9yhk
4
vulnerability VCID-uc29-6x6h-akb8
5
vulnerability VCID-xnkt-bw6n-mkhz
6
vulnerability VCID-zy4t-p98q-qkb2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.6-p1
2
url pkg:composer/ec-cube/ec-cube@4.1-beta
purl pkg:composer/ec-cube/ec-cube@4.1-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h22q-5adj-9bhu
1
vulnerability VCID-xnkt-bw6n-mkhz
2
vulnerability VCID-zy4t-p98q-qkb2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1-beta
3
url pkg:composer/ec-cube/ec-cube@4.1.2-p1
purl pkg:composer/ec-cube/ec-cube@4.1.2-p1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnn-818f-dfd3
1
vulnerability VCID-8bj1-htby-r3hb
2
vulnerability VCID-kjwz-h6kh-9yhk
3
vulnerability VCID-uc29-6x6h-akb8
4
vulnerability VCID-xnkt-bw6n-mkhz
5
vulnerability VCID-yjve-1ftj-vqgw
6
vulnerability VCID-zy4t-p98q-qkb2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1.2-p1
4
url pkg:composer/ec-cube/ec-cube@4.2.0-alpha
purl pkg:composer/ec-cube/ec-cube@4.2.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-yjve-1ftj-vqgw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.0-alpha
5
url pkg:composer/ec-cube/ec-cube@4.2.1
purl pkg:composer/ec-cube/ec-cube@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnn-818f-dfd3
1
vulnerability VCID-yjve-1ftj-vqgw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.1
aliases CVE-2023-22438
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8bj1-htby-r3hb
2
url VCID-b9yr-y2nr-37bw
vulnerability_id VCID-b9yr-y2nr-37bw
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16191
reference_id
reference_type
scores
0
value 0.00268
scoring_system epss
scoring_elements 0.50528
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16191
1
reference_url https://github.com/EC-CUBE/ec-cube
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/EC-CUBE/ec-cube
2
reference_url https://jvn.jp/en/jp/JVN25359688/index.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN25359688/index.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16191
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16191
4
reference_url https://www.ec-cube.net/info/weakness/20181113
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness/20181113
5
reference_url http://www.securityfocus.com/bid/106545
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106545
6
reference_url https://github.com/advisories/GHSA-fcgg-qgxg-2g2x
reference_id GHSA-fcgg-qgxg-2g2x
reference_type
scores
url https://github.com/advisories/GHSA-fcgg-qgxg-2g2x
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@3.0.17
purl pkg:composer/ec-cube/ec-cube@3.0.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnn-818f-dfd3
1
vulnerability VCID-5534-wj8d-xyfp
2
vulnerability VCID-8bj1-htby-r3hb
3
vulnerability VCID-bqur-48p1-tyaj
4
vulnerability VCID-h22q-5adj-9bhu
5
vulnerability VCID-hxq9-dnac-pfgx
6
vulnerability VCID-mwk1-a45n-8yht
7
vulnerability VCID-xnkt-bw6n-mkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.17
aliases CVE-2018-16191, GHSA-fcgg-qgxg-2g2x
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b9yr-y2nr-37bw
3
url VCID-bqur-48p1-tyaj
vulnerability_id VCID-bqur-48p1-tyaj
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5590
reference_id
reference_type
scores
0
value 0.02208
scoring_system epss
scoring_elements 0.84814
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5590
1
reference_url https://github.com/EC-CUBE/ec-cube
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/EC-CUBE/ec-cube
2
reference_url https://jvn.jp/en/jp/JVN77458946/index.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN77458946/index.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5590
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5590
4
reference_url https://www.ec-cube.net/info/weakness/weakness.php?id=73
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness/weakness.php?id=73
5
reference_url https://www.ec-cube.net/info/weakness/weakness.php?id=74
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness/weakness.php?id=74
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@3.1.0-alpha
purl pkg:composer/ec-cube/ec-cube@3.1.0-alpha
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.1.0-alpha
1
url pkg:composer/ec-cube/ec-cube@4.0.4
purl pkg:composer/ec-cube/ec-cube@4.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-152n-q9ju-fuck
1
vulnerability VCID-1gnn-818f-dfd3
2
vulnerability VCID-8bj1-htby-r3hb
3
vulnerability VCID-c7wg-8e41-gbh1
4
vulnerability VCID-h22q-5adj-9bhu
5
vulnerability VCID-kjwz-h6kh-9yhk
6
vulnerability VCID-mwk1-a45n-8yht
7
vulnerability VCID-uc29-6x6h-akb8
8
vulnerability VCID-xnkt-bw6n-mkhz
9
vulnerability VCID-zy4t-p98q-qkb2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.4
aliases CVE-2020-5590, GHSA-hx79-x87c-hgm3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bqur-48p1-tyaj
4
url VCID-h22q-5adj-9bhu
vulnerability_id VCID-h22q-5adj-9bhu
summary EC-CUBE improperly handles HTTP Host header values
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25355
reference_id
reference_type
scores
0
value 0.01055
scoring_system epss
scoring_elements 0.78001
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25355
1
reference_url https://github.com/EC-CUBE/ec-cube
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/EC-CUBE/ec-cube
2
reference_url https://jvn.jp/en/jp/JVN53871926/index.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN53871926/index.html
3
reference_url https://www.ec-cube.net/info/weakness/20220221
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness/20220221
4
reference_url https://www.ec-cube.net/info/weakness/20220221/
reference_id
reference_type
scores
url https://www.ec-cube.net/info/weakness/20220221/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25355
reference_id CVE-2022-25355
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25355
6
reference_url https://github.com/advisories/GHSA-pw97-6v74-9w3p
reference_id GHSA-pw97-6v74-9w3p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pw97-6v74-9w3p
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@3.0.18
purl pkg:composer/ec-cube/ec-cube@3.0.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnn-818f-dfd3
1
vulnerability VCID-5534-wj8d-xyfp
2
vulnerability VCID-8bj1-htby-r3hb
3
vulnerability VCID-bqur-48p1-tyaj
4
vulnerability VCID-hxq9-dnac-pfgx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.18
1
url pkg:composer/ec-cube/ec-cube@4.1.2
purl pkg:composer/ec-cube/ec-cube@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnn-818f-dfd3
1
vulnerability VCID-8bj1-htby-r3hb
2
vulnerability VCID-kjwz-h6kh-9yhk
3
vulnerability VCID-uc29-6x6h-akb8
4
vulnerability VCID-xnkt-bw6n-mkhz
5
vulnerability VCID-yjve-1ftj-vqgw
6
vulnerability VCID-zy4t-p98q-qkb2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1.2
aliases CVE-2022-25355, GHSA-pw97-6v74-9w3p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h22q-5adj-9bhu
5
url VCID-hxq9-dnac-pfgx
vulnerability_id VCID-hxq9-dnac-pfgx
summary EC-CUBE Improper Restriction of Rendered UI Layers or Frames
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5679
reference_id
reference_type
scores
0
value 0.00197
scoring_system epss
scoring_elements 0.41545
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5679
1
reference_url https://github.com/EC-CUBE/ec-cube
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/EC-CUBE/ec-cube
2
reference_url https://jvn.jp/en/jp/JVN24457594/index.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN24457594/index.html
3
reference_url https://www.ec-cube.net/info/weakness
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness
4
reference_url https://www.ec-cube.net/info/weakness/
reference_id
reference_type
scores
url https://www.ec-cube.net/info/weakness/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5679
reference_id CVE-2020-5679
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5679
6
reference_url https://github.com/advisories/GHSA-rwh8-h525-4jvj
reference_id GHSA-rwh8-h525-4jvj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rwh8-h525-4jvj
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@3.1.0-alpha
purl pkg:composer/ec-cube/ec-cube@3.1.0-alpha
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.1.0-alpha
aliases CVE-2020-5679, GHSA-rwh8-h525-4jvj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hxq9-dnac-pfgx
6
url VCID-mwk1-a45n-8yht
vulnerability_id VCID-mwk1-a45n-8yht
summary EC-CUBE Cross-site scripting vulnerability
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20750
reference_id
reference_type
scores
0
value 0.00741
scoring_system epss
scoring_elements 0.7342
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20750
1
reference_url https://github.com/EC-CUBE/ec-cube
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/EC-CUBE/ec-cube
2
reference_url https://jvn.jp/en/jp/JVN95292458/index.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN95292458/index.html
3
reference_url https://www.ec-cube.net/info/weakness/weakness.php?id=78
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness/weakness.php?id=78
4
reference_url https://www.ec-cube.net/info/weakness/weakness.php?id=79
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness/weakness.php?id=79
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20750
reference_id CVE-2021-20750
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20750
6
reference_url https://github.com/advisories/GHSA-vrpv-26fm-7vf7
reference_id GHSA-vrpv-26fm-7vf7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vrpv-26fm-7vf7
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@3.0.18
purl pkg:composer/ec-cube/ec-cube@3.0.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnn-818f-dfd3
1
vulnerability VCID-5534-wj8d-xyfp
2
vulnerability VCID-8bj1-htby-r3hb
3
vulnerability VCID-bqur-48p1-tyaj
4
vulnerability VCID-hxq9-dnac-pfgx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.18
1
url pkg:composer/ec-cube/ec-cube@4.0.5
purl pkg:composer/ec-cube/ec-cube@4.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-152n-q9ju-fuck
1
vulnerability VCID-1gnn-818f-dfd3
2
vulnerability VCID-8bj1-htby-r3hb
3
vulnerability VCID-h22q-5adj-9bhu
4
vulnerability VCID-kjwz-h6kh-9yhk
5
vulnerability VCID-uc29-6x6h-akb8
6
vulnerability VCID-xnkt-bw6n-mkhz
7
vulnerability VCID-zy4t-p98q-qkb2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.5
2
url pkg:composer/ec-cube/ec-cube@4.0.6
purl pkg:composer/ec-cube/ec-cube@4.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnn-818f-dfd3
1
vulnerability VCID-5w3z-s8ev-6ka5
2
vulnerability VCID-8bj1-htby-r3hb
3
vulnerability VCID-h22q-5adj-9bhu
4
vulnerability VCID-kjwz-h6kh-9yhk
5
vulnerability VCID-uc29-6x6h-akb8
6
vulnerability VCID-xnkt-bw6n-mkhz
7
vulnerability VCID-zy4t-p98q-qkb2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.6
aliases CVE-2021-20750, GHSA-vrpv-26fm-7vf7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mwk1-a45n-8yht
7
url VCID-xnkt-bw6n-mkhz
vulnerability_id VCID-xnkt-bw6n-mkhz
summary Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-40199
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47576
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-40199
1
reference_url https://github.com/EC-CUBE/ec-cube
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/EC-CUBE/ec-cube
2
reference_url https://www.ec-cube.net/info/weakness/20220909
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness/20220909
3
reference_url https://www.ec-cube.net/info/weakness/20220909/
reference_id 20220909
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T18:22:17Z/
url https://www.ec-cube.net/info/weakness/20220909/
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40199
reference_id CVE-2022-40199
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40199
5
reference_url https://github.com/advisories/GHSA-wjpv-frf2-3r58
reference_id GHSA-wjpv-frf2-3r58
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wjpv-frf2-3r58
6
reference_url https://jvn.jp/en/jp/JVN21213852/index.html
reference_id index.html
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T18:22:17Z/
url https://jvn.jp/en/jp/JVN21213852/index.html
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@3.0.18
purl pkg:composer/ec-cube/ec-cube@3.0.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnn-818f-dfd3
1
vulnerability VCID-5534-wj8d-xyfp
2
vulnerability VCID-8bj1-htby-r3hb
3
vulnerability VCID-bqur-48p1-tyaj
4
vulnerability VCID-hxq9-dnac-pfgx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.18
1
url pkg:composer/ec-cube/ec-cube@4.2.0-alpha
purl pkg:composer/ec-cube/ec-cube@4.2.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-yjve-1ftj-vqgw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.0-alpha
aliases CVE-2022-40199, GHSA-wjpv-frf2-3r58
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnkt-bw6n-mkhz
Fixing_vulnerabilities
0
url VCID-4ywz-x6zv-kfc4
vulnerability_id VCID-4ywz-x6zv-kfc4
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-0657
reference_id
reference_type
scores
0
value 0.00387
scoring_system epss
scoring_elements 0.6026
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-0657
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0657
reference_id CVE-2018-0657
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-0657
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@3.0.0
purl pkg:composer/ec-cube/ec-cube@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnn-818f-dfd3
1
vulnerability VCID-8bj1-htby-r3hb
2
vulnerability VCID-b9yr-y2nr-37bw
3
vulnerability VCID-bqur-48p1-tyaj
4
vulnerability VCID-h22q-5adj-9bhu
5
vulnerability VCID-hxq9-dnac-pfgx
6
vulnerability VCID-mwk1-a45n-8yht
7
vulnerability VCID-xnkt-bw6n-mkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.0
aliases CVE-2018-0657
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ywz-x6zv-kfc4
1
url VCID-5vm7-hpzj-qfhq
vulnerability_id VCID-5vm7-hpzj-qfhq
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-0658
reference_id
reference_type
scores
0
value 0.00668
scoring_system epss
scoring_elements 0.71757
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-0658
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0658
reference_id CVE-2018-0658
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-0658
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@3.0.0
purl pkg:composer/ec-cube/ec-cube@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnn-818f-dfd3
1
vulnerability VCID-8bj1-htby-r3hb
2
vulnerability VCID-b9yr-y2nr-37bw
3
vulnerability VCID-bqur-48p1-tyaj
4
vulnerability VCID-h22q-5adj-9bhu
5
vulnerability VCID-hxq9-dnac-pfgx
6
vulnerability VCID-mwk1-a45n-8yht
7
vulnerability VCID-xnkt-bw6n-mkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.0
aliases CVE-2018-0658
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5vm7-hpzj-qfhq
2
url VCID-r4jp-pzbn-mybf
vulnerability_id VCID-r4jp-pzbn-mybf
summary EC-CUBE Cross-site request forgery (CSRF) vulnerability
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20842
reference_id
reference_type
scores
0
value 0.00108
scoring_system epss
scoring_elements 0.28564
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20842
1
reference_url https://github.com/EC-CUBE/ec-cube
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/EC-CUBE/ec-cube
2
reference_url https://jvn.jp/en/jp/JVN75444925/index.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN75444925/index.html
3
reference_url https://www.ec-cube.net/info/weakness/20211111
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness/20211111
4
reference_url https://www.ec-cube.net/info/weakness/20211111/
reference_id
reference_type
scores
url https://www.ec-cube.net/info/weakness/20211111/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20842
reference_id CVE-2021-20842
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20842
6
reference_url https://github.com/advisories/GHSA-m9hv-qmqh-33qh
reference_id GHSA-m9hv-qmqh-33qh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m9hv-qmqh-33qh
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@2.17.2
purl pkg:composer/ec-cube/ec-cube@2.17.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8bj1-htby-r3hb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@2.17.2
1
url pkg:composer/ec-cube/ec-cube@3.0.0
purl pkg:composer/ec-cube/ec-cube@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnn-818f-dfd3
1
vulnerability VCID-8bj1-htby-r3hb
2
vulnerability VCID-b9yr-y2nr-37bw
3
vulnerability VCID-bqur-48p1-tyaj
4
vulnerability VCID-h22q-5adj-9bhu
5
vulnerability VCID-hxq9-dnac-pfgx
6
vulnerability VCID-mwk1-a45n-8yht
7
vulnerability VCID-xnkt-bw6n-mkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.0
aliases CVE-2021-20842, GHSA-m9hv-qmqh-33qh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r4jp-pzbn-mybf
3
url VCID-v77p-6zxw-g7ds
vulnerability_id VCID-v77p-6zxw-g7ds
summary EC-CUBE Improper access control in Management screen
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20841
reference_id
reference_type
scores
0
value 0.00203
scoring_system epss
scoring_elements 0.42386
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20841
1
reference_url https://github.com/EC-CUBE/ec-cube
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/EC-CUBE/ec-cube
2
reference_url https://jvn.jp/en/jp/JVN75444925/index.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jvn.jp/en/jp/JVN75444925/index.html
3
reference_url https://www.ec-cube.net/info/weakness/20211111
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ec-cube.net/info/weakness/20211111
4
reference_url https://www.ec-cube.net/info/weakness/20211111/
reference_id
reference_type
scores
url https://www.ec-cube.net/info/weakness/20211111/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20841
reference_id CVE-2021-20841
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20841
6
reference_url https://github.com/advisories/GHSA-jc55-crg7-pr35
reference_id GHSA-jc55-crg7-pr35
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jc55-crg7-pr35
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@2.17.2
purl pkg:composer/ec-cube/ec-cube@2.17.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8bj1-htby-r3hb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@2.17.2
1
url pkg:composer/ec-cube/ec-cube@3.0.0
purl pkg:composer/ec-cube/ec-cube@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gnn-818f-dfd3
1
vulnerability VCID-8bj1-htby-r3hb
2
vulnerability VCID-b9yr-y2nr-37bw
3
vulnerability VCID-bqur-48p1-tyaj
4
vulnerability VCID-h22q-5adj-9bhu
5
vulnerability VCID-hxq9-dnac-pfgx
6
vulnerability VCID-mwk1-a45n-8yht
7
vulnerability VCID-xnkt-bw6n-mkhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.0
aliases CVE-2021-20841, GHSA-jc55-crg7-pr35
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v77p-6zxw-g7ds
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.0