Security Advisory

CVE-2024-41141

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-30 08:45:40

Last updated 2024-11-06 16:20:46

Assigner jpcert

State PUBLISHED

Description

Stored cross-site scripting vulnerability exists in EC-CUBE Web API Plugin. When there are multiple users using OAuth Management feature and one of them inputs some crafted value on the OAuth Management page, an arbitrary script may be executed on the web browser of the other user who accessed the management page.

← Browse all CVEs View on cve.org ↗