CVE-2023-22438

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-22438

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22438.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-22438

Published

2023-03-06T00:15:10Z

Modified

2025-03-08T00:49:23.109345Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.

References

Affected packages

Git / github.com/ec-cube/ec-cube

Affected ranges

Type: GIT
Repo: https://github.com/ec-cube/ec-cube
Events: Last affected

0fbb7b3a340c75f2860123d5e01d706f8a15127b

Introduced

1004363cf13cc929c0e077c0ac849a6d3c8c10bb

Last affected

13dfb352e47c6f231ead5e5b62dc0ec11e354789

Introduced

4ef1c4f8d51fd9d54a704300a26c65a278dc697a

Last affected

525aaa9f44407903f5cc20b371a5dd199ddae549

Last affected

56786c9bb456ad52fa1f3b16dd9e675cc4a480fa

Last affected

70de60feb792923ef751f2876add23f612777fa0

Introduced

5d02dde61f824fb9e264d003f59afc4663811567

Last affected

710b64ce96786770fe59ba8255ff16925171f172

Last affected

8d81525bfe50caf159d9a4fb31124f479c6b658e

Introduced

e2547e2d1775ceacd7c73e1b72d5512efcdb45e7

Last affected

92fe8f744181641bb8ce0db28b988b089004fbfa

Introduced

00ef39551273847cff9b737f98f120a50d4320cc

Last affected

c6838851eade4903e90a0d4294f8342f2178e067

Type: GIT
Repo: https://github.com/ec-cube/ec-cube2
Events: Introduced

9d428d236baa44358f56a38b3ba336222535f7fd

Last affected

25e9c8c90ed17ce6857b78570e403bfa11095941

Introduced

0f4bf44ed1980ed45b18fc4dfa1543f51c57c48e

Last affected

eb43f49065a0e5f6c5367a5d2ae5fd994a5e3bb5

Type: GIT
Repo: https://github.com/ec-cube/ec-cube3
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

14cd0cf79cec92be106bccb26eb3b84146b75876

Last affected

20465ad72bdb3e9342c903846c86c7a70805e58c

Last affected

8359822a04ce1db587adfcec4bbabdfb147b0493

Last affected

9aeaab66eba8c15c60e29cbb8f61317388c86c59

Last affected

c0cbef490ebc9e9a9b1c54bf13c8296d17862d4d

Affected versions

3.*

3.0.0

3.0.0-beta0

3.0.0-beta1

3.0.0-beta2

3.0.0-beta3

3.0.0-beta4

3.0.1

3.0.10

3.0.11

3.0.11-RC

3.0.11-pre

3.0.12

3.0.12-p1

3.0.13

3.0.14

3.0.15

3.0.16

3.0.17

3.0.18

3.0.18-p1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.1.0-alpha

3.1.0-alpha2

3.1.0-alpha3

3.n-alpha4

3.n-alpha5

3.n-alpha6

4.*

4.0-beta

4.0-beta2

4.0.0

4.0.0-rc

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.5-p1

4.0.5-rc

4.0.6

4.0.6-p1

4.0.6-p2

4.1-beta

4.1-beta2

4.1-beta3

4.1-beta3-20210831

4.1-beta3-20210901

4.1-beta3-20210903

4.1-rc

4.1.0

4.1.1

4.1.1-20211130

4.1.2

4.1.2-20220128

4.1.2-20220203

4.1.2-p1

4.2.0

4.2.0-alpha

4.2.0-beta

4.2.0-beta-20220630

4.2.0-beta-20220722

4.2.0-beta-20220802

4.2.0-beta2

4.2.0-beta2-20220810

4.2.0-beta2-20220824

4.2.0-beta2-20220825

4.2.0-beta2-20220826

4.2.0-beta2-20220829

4.2.0-beta2-20220905

4.2.0-beta2-20220916

4.2.0-rc

Other

co/20190306

co/20190313

co/20190404

co/20190417

co/20190508

co/20190613

co/20190710

co/20190718

co/20190808

co/20190822

co/20190829

co/20190905

co/20190912

co/20190930

co/20191017

co/20191031

co/20191114

co/20191128

co/20191212

co/4.*

co/4.1-20211111

co/4.1-20211118

co/4.1-20211125

co/4.1-20211202

co/4.1-20220210

co/4.1-20220217

co/4.1-20220421

co/4.1-20220512

co/4.1-20220526

co/4.1-20220804

eccube-2.*

eccube-2.17.0

eccube-3.*

eccube-3.0.0-alpha