Vulnerability Description
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ec-Cube | Ec-Cube | >= 2.11.0, <= 2.11.5 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN04785663/Third Party Advisory
- https://www.ec-cube.net/info/weakness/20230214/PatchRelease NotesVendor Advisory
- https://www.ec-cube.net/info/weakness/20230214/index_2.phpPatchRelease NotesVendor Advisory
- https://www.ec-cube.net/info/weakness/20230214/index_3.phpPatchRelease NotesVendor Advisory
- https://jvn.jp/en/jp/JVN04785663/Third Party Advisory
- https://www.ec-cube.net/info/weakness/20230214/PatchRelease NotesVendor Advisory
- https://www.ec-cube.net/info/weakness/20230214/index_2.phpPatchRelease NotesVendor Advisory
- https://www.ec-cube.net/info/weakness/20230214/index_3.phpPatchRelease NotesVendor Advisory
FAQ
What is CVE-2023-22438?
CVE-2023-22438 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), ...
How severe is CVE-2023-22438?
CVE-2023-22438 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-22438?
Check the references section above for vendor advisories and patch information. Affected products include: Ec-Cube Ec-Cube.