CVE-2008-4535

Cross-site scripting (XSS) vulnerability in EC-CUBE Ver2 2.1.2a and earlier, EC-CUBE Ver2 Beta(RC) 2.2.0-beta and earlier, and EC-CUBE Community Edition Nighly-Build r17623 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4536 and CVE-2008-4537.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
ec-cubeec-cube
𝑥
≤ 2.1.2a
ec-cubeec-cube
𝑥
≤ 2.3.0
ec-cubeec-cube
1.0
ec-cubeec-cube
1.4.7
ec-cubeec-cube
1.5.0:b2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN99916563/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000064.html
http://secunia.com/advisories/32065
http://www.ec-cube.net/release/detail.php?release_id=193
http://www.securityfocus.com/bid/31509
https://exchange.xforce.ibmcloud.com/vulnerabilities/45591
http://jvn.jp/en/jp/JVN99916563/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000064.html
http://secunia.com/advisories/32065
http://www.ec-cube.net/release/detail.php?release_id=193
http://www.securityfocus.com/bid/31509
https://exchange.xforce.ibmcloud.com/vulnerabilities/45591