Vulnerability Details CVE-2023-22438
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.2%
CVSS Severity
CVSS v3 Score 5.4
References
- https://jvn.jp/en/jp/JVN04785663/
- https://www.ec-cube.net/info/weakness/20230214/
- https://www.ec-cube.net/info/weakness/20230214/index_2.php
- https://www.ec-cube.net/info/weakness/20230214/index_3.php
- https://jvn.jp/en/jp/JVN04785663/
- https://www.ec-cube.net/info/weakness/20230214/
- https://www.ec-cube.net/info/weakness/20230214/index_2.php
- https://www.ec-cube.net/info/weakness/20230214/index_3.php
Products affected by CVE-2023-22438
-
cpe:2.3:a:ec-cube:ec-cube:2.11.0
-
cpe:2.3:a:ec-cube:ec-cube:2.11.1
-
cpe:2.3:a:ec-cube:ec-cube:2.11.2
-
cpe:2.3:a:ec-cube:ec-cube:2.11.3
-
cpe:2.3:a:ec-cube:ec-cube:2.11.4
-
cpe:2.3:a:ec-cube:ec-cube:2.11.5
-
cpe:2.3:a:ec-cube:ec-cube:2.12.0
-
cpe:2.3:a:ec-cube:ec-cube:2.12.1
-
cpe:2.3:a:ec-cube:ec-cube:2.12.2
-
cpe:2.3:a:ec-cube:ec-cube:2.12.3
-
cpe:2.3:a:ec-cube:ec-cube:2.12.4
-
cpe:2.3:a:ec-cube:ec-cube:2.12.5
-
cpe:2.3:a:ec-cube:ec-cube:2.12.6
-
cpe:2.3:a:ec-cube:ec-cube:2.13.0
-
cpe:2.3:a:ec-cube:ec-cube:2.13.1
-
cpe:2.3:a:ec-cube:ec-cube:2.13.2
-
cpe:2.3:a:ec-cube:ec-cube:2.13.3
-
cpe:2.3:a:ec-cube:ec-cube:2.13.4
-
cpe:2.3:a:ec-cube:ec-cube:2.13.5
-
cpe:2.3:a:ec-cube:ec-cube:2.17.0
-
cpe:2.3:a:ec-cube:ec-cube:2.17.1
-
cpe:2.3:a:ec-cube:ec-cube:2.17.2
-
cpe:2.3:a:ec-cube:ec-cube:3.0.0
-
cpe:2.3:a:ec-cube:ec-cube:3.0.1
-
cpe:2.3:a:ec-cube:ec-cube:3.0.10
-
cpe:2.3:a:ec-cube:ec-cube:3.0.11
-
cpe:2.3:a:ec-cube:ec-cube:3.0.12
-
cpe:2.3:a:ec-cube:ec-cube:3.0.13
-
cpe:2.3:a:ec-cube:ec-cube:3.0.14
-
cpe:2.3:a:ec-cube:ec-cube:3.0.15
-
cpe:2.3:a:ec-cube:ec-cube:3.0.16
-
cpe:2.3:a:ec-cube:ec-cube:3.0.17
-
cpe:2.3:a:ec-cube:ec-cube:3.0.18
-
cpe:2.3:a:ec-cube:ec-cube:3.0.2
-
cpe:2.3:a:ec-cube:ec-cube:3.0.3
-
cpe:2.3:a:ec-cube:ec-cube:3.0.4
-
cpe:2.3:a:ec-cube:ec-cube:3.0.5
-
cpe:2.3:a:ec-cube:ec-cube:3.0.6
-
cpe:2.3:a:ec-cube:ec-cube:3.0.7
-
cpe:2.3:a:ec-cube:ec-cube:3.0.8
-
cpe:2.3:a:ec-cube:ec-cube:3.0.9
-
cpe:2.3:a:ec-cube:ec-cube:4.0.0
-
cpe:2.3:a:ec-cube:ec-cube:4.0.1
-
cpe:2.3:a:ec-cube:ec-cube:4.0.2
-
cpe:2.3:a:ec-cube:ec-cube:4.0.3
-
cpe:2.3:a:ec-cube:ec-cube:4.0.5
-
cpe:2.3:a:ec-cube:ec-cube:4.0.6
-
cpe:2.3:a:ec-cube:ec-cube:4.1.0
-
cpe:2.3:a:ec-cube:ec-cube:4.1.1
-
cpe:2.3:a:ec-cube:ec-cube:4.1.2
-
cpe:2.3:a:ec-cube:ec-cube:4.2.0