Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.1.1-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17336 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4536.
Software | From | Fixed in |
---|---|---|
ec-cube / ec-cube | - | 1.3.4.x |
ec-cube / ec-cube | - | 2.1.2a.x |
ec-cube / ec-cube | - | 2.3.0.x |
ec-cube / ec-cube | 1.0 | 1.0.x |
ec-cube / ec-cube | 1.4.7 | 1.4.7.x |
ec-cube / ec-cube | 1.5.0-b2 | 1.5.0-b2.x |