Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-button Premium plugin before 1.1 for EC-CUBE 2.13.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cyber-Will | Social-Button Premium | <= 1.0 |
| Ec-Cube | Ec-Cube | 2.13.0 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN78482127/index.htmlVendor Advisory
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000048Third Party AdvisoryVDB EntryVendor Advisory
- http://www.cyber-will.co.jp/SA_JVN_78482127Vendor Advisory
- https://www.ec-cube.net/products/detail.php?product_id=799Vendor Advisory
- http://jvn.jp/en/jp/JVN78482127/index.htmlVendor Advisory
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000048Third Party AdvisoryVDB EntryVendor Advisory
- http://www.cyber-will.co.jp/SA_JVN_78482127Vendor Advisory
- https://www.ec-cube.net/products/detail.php?product_id=799Vendor Advisory
FAQ
What is CVE-2016-1180?
CVE-2016-1180 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-button Premium plugin before 1.1 for EC-CUBE 2.13.x allows remote attackers to inject arbitrary web script or HTML via unspecified vec...
How severe is CVE-2016-1180?
CVE-2016-1180 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-1180?
Check the references section above for vendor advisories and patch information. Affected products include: Cyber-Will Social-Button Premium, Ec-Cube Ec-Cube.