CVE-2011-0451
03.02.2011, 16:00
Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Vendor | Product | Version |
---|---|---|
lockon | ec-cube | 𝑥 ≤ 2.4.3 |
lockon | ec-cube | 1.1.0:beta |
lockon | ec-cube | 1.1.1 |
lockon | ec-cube | 1.2.0:beta |
lockon | ec-cube | 1.3.0 |
lockon | ec-cube | 1.3.0:beta |
lockon | ec-cube | 1.3.1 |
lockon | ec-cube | 1.3.1:a |
lockon | ec-cube | 1.3.2 |
lockon | ec-cube | 1.3.3 |
lockon | ec-cube | 1.3.4 |
lockon | ec-cube | 1.3.4:community |
lockon | ec-cube | 1.4.0:a-beta |
lockon | ec-cube | 1.4.0:beta |
lockon | ec-cube | 1.4.1:beta |
lockon | ec-cube | 1.4.2:beta |
lockon | ec-cube | 1.4.3:a-beta |
lockon | ec-cube | 1.4.3:b-beta |
lockon | ec-cube | 1.4.3:beta |
lockon | ec-cube | 1.4.5 |
lockon | ec-cube | 1.4.6 |
lockon | ec-cube | 1.4.7 |
lockon | ec-cube | 1.5.0:beta |
lockon | ec-cube | 2.0.0:beta |
lockon | ec-cube | 2.0.1 |
lockon | ec-cube | 2.0.1:a |
lockon | ec-cube | 2.1.0:beta |
lockon | ec-cube | 2.1.2 |
lockon | ec-cube | 2.1.2:a |
lockon | ec-cube | 2.2.0:beta |
lockon | ec-cube | 2.2.1:one |
lockon | ec-cube | 2.3.0 |
lockon | ec-cube | 2.3.0:rc1 |
lockon | ec-cube | 2.3.1 |
lockon | ec-cube | 2.3.3 |
lockon | ec-cube | 2.3.4 |
lockon | ec-cube | 2.4.0 |
lockon | ec-cube | 2.4.0:rc1 |
lockon | ec-cube | 2.4.1 |
lockon | ec-cube | 2.4.2 |
lockon | ec-cube | 2.4.4 |
lockon | ec-cube | 2.11.0:beta |
𝑥
= Vulnerable software versions
References