Lookup for vulnerable packages by Package URL.

Purl pkg:composer/ec-cube/ec-cube@2.12.0
Type composer
Namespace ec-cube
Name ec-cube
Version 2.12.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.0.17
Latest_non_vulnerable_version 4.2.3
Affected_by_vulnerabilities
0
url VCID-5eu9-23qz-4uab
vulnerability_id VCID-5eu9-23qz-4uab
summary
Cross-site Scripting
A cross-site scripting vulnerability in EC-CUBE Payment Module allows an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0657
reference_id CVE-2018-0657
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-0657
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@3.0.0
purl pkg:composer/ec-cube/ec-cube@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c6vr-e9zn-cbaz
1
vulnerability VCID-fuus-wqhf-s3be
2
vulnerability VCID-he32-4cf1-akf5
3
vulnerability VCID-mr5c-68tz-nfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.0
aliases CVE-2018-0657
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5eu9-23qz-4uab
1
url VCID-9xhp-yr36-4qak
vulnerability_id VCID-9xhp-yr36-4qak
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page.
If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the product.
references
0
reference_url https://jvn.jp/en/jp/JVN46993816/
reference_id
reference_type
scores
url https://jvn.jp/en/jp/JVN46993816/
1
reference_url https://www.ec-cube.net/info/weakness/20230727/
reference_id
reference_type
scores
url https://www.ec-cube.net/info/weakness/20230727/
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40281
reference_id CVE-2023-40281
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-40281
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@2.13.5
purl pkg:composer/ec-cube/ec-cube@2.13.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-he32-4cf1-akf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@2.13.5
1
url pkg:composer/ec-cube/ec-cube@2.17.2
purl pkg:composer/ec-cube/ec-cube@2.17.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-he32-4cf1-akf5
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@2.17.2
aliases CVE-2023-40281
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9xhp-yr36-4qak
2
url VCID-he32-4cf1-akf5
vulnerability_id VCID-he32-4cf1-akf5
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.
references
0
reference_url https://jvn.jp/en/jp/JVN04785663/
reference_id
reference_type
scores
url https://jvn.jp/en/jp/JVN04785663/
1
reference_url https://www.ec-cube.net/info/weakness/20230214/
reference_id
reference_type
scores
url https://www.ec-cube.net/info/weakness/20230214/
2
reference_url https://www.ec-cube.net/info/weakness/20230214/index_2.php
reference_id
reference_type
scores
url https://www.ec-cube.net/info/weakness/20230214/index_2.php
3
reference_url https://www.ec-cube.net/info/weakness/20230214/index_3.php
reference_id
reference_type
scores
url https://www.ec-cube.net/info/weakness/20230214/index_3.php
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22438
reference_id CVE-2023-22438
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-22438
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@4.0.6-p1
purl pkg:composer/ec-cube/ec-cube@4.0.6-p1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.0.6-p1
1
url pkg:composer/ec-cube/ec-cube@4.1.2-p1
purl pkg:composer/ec-cube/ec-cube@4.1.2-p1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.1.2-p1
2
url pkg:composer/ec-cube/ec-cube@4.2.1
purl pkg:composer/ec-cube/ec-cube@4.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@4.2.1
aliases CVE-2023-22438
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-he32-4cf1-akf5
3
url VCID-mmfy-uhca-ukeq
vulnerability_id VCID-mmfy-uhca-ukeq
summary
Improper Input Validation
An input validation issue in EC-CUBE Payment Module allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0658
reference_id CVE-2018-0658
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-0658
fixed_packages
0
url pkg:composer/ec-cube/ec-cube@3.0.0
purl pkg:composer/ec-cube/ec-cube@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c6vr-e9zn-cbaz
1
vulnerability VCID-fuus-wqhf-s3be
2
vulnerability VCID-he32-4cf1-akf5
3
vulnerability VCID-mr5c-68tz-nfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@3.0.0
aliases CVE-2018-0658
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mmfy-uhca-ukeq
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ec-cube/ec-cube@2.12.0