Vulnerabilidades em EC-CUBE CO.,LTD.

26 resultados

CVE-2021-20842—Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication oEPSS 0.5%CVE-2022-21179—Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series)EPSS 0.5%CVE-2023-40281—EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If tEPSS 0.4%CVE-2026-30777MEDIUMEC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass vulnerability. An attacker who has obtained a validEPSS 0.3%CVE-2024-41924HIGHAcceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an aEPSS 0.3%CVE-2024-41141MEDIUMStored cross-site scripting vulnerability exists in EC-CUBE Web API Plugin. When there are multiple users using OAuth Management feature andEPSS 0.3%

← anteriorpágina 2 / 2próxima →