Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-uc29-6x6h-akb8
Vulnerability ID VCID-uc29-6x6h-akb8
Aliases CVE-2023-25077
Summary Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00228 https://api.first.org/data/v1/epss?cve=CVE-2023-25077
epss 0.00228 https://api.first.org/data/v1/epss?cve=CVE-2023-25077
epss 0.00228 https://api.first.org/data/v1/epss?cve=CVE-2023-25077
ssvc Track https://jvn.jp/en/jp/JVN04785663/
ssvc Track https://www.ec-cube.net/info/weakness/20230214/
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-25077
20230214 https://www.ec-cube.net/info/weakness/20230214/
CVE-2023-25077 https://nvd.nist.gov/vuln/detail/CVE-2023-25077
JVN04785663 https://jvn.jp/en/jp/JVN04785663/
No exploits are available.
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:59:18Z/ Found at https://jvn.jp/en/jp/JVN04785663/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:59:18Z/ Found at https://www.ec-cube.net/info/weakness/20230214/
Exploit Prediction Scoring System (EPSS)
Percentile 0.45748
EPSS Score 0.00228
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:19:51.826000+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2023/25xxx/CVE-2023-25077.json 38.6.0