CVE-2008-4537

Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.1.1-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17336 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4536.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
ec-cubeec-cube
𝑥
≤ 1.3.4
ec-cubeec-cube
𝑥
≤ 2.1.2a
ec-cubeec-cube
𝑥
≤ 2.3.0
ec-cubeec-cube
1.0
ec-cubeec-cube
1.4.7
ec-cubeec-cube
1.5.0:b2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN26621646/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000062.html
http://secunia.com/advisories/32065
http://www.ec-cube.net/release/detail.php?release_id=193
http://www.securityfocus.com/bid/31509
https://exchange.xforce.ibmcloud.com/vulnerabilities/45851
http://jvn.jp/en/jp/JVN26621646/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000062.html
http://secunia.com/advisories/32065
http://www.ec-cube.net/release/detail.php?release_id=193
http://www.securityfocus.com/bid/31509
https://exchange.xforce.ibmcloud.com/vulnerabilities/45851