Security Advisory

CVE-2023-40281

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-08-17 06:37:01

Last updated 2024-10-08 17:38:02

Assigner jpcert

State PUBLISHED

Description

EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the product.

← Browse all CVEs View on cve.org ↗