CVE-2023-22838

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-22838
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22838.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-22838
Published
2023-03-06T00:15:10.830Z
Modified
2026-04-10T04:55:28.552459Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.

References

Affected packages

Git / github.com/ec-cube/ec-cube

Affected ranges

Type
GIT
Repo
https://github.com/ec-cube/ec-cube
Events
Introduced
00ef39551273847cff9b737f98f120a50d4320cc
Last affected
c6838851eade4903e90a0d4294f8342f2178e067
Introduced
5d02dde61f824fb9e264d003f59afc4663811567
Last affected
710b64ce96786770fe59ba8255ff16925171f172
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8d81525bfe50caf159d9a4fb31124f479c6b658e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
70de60feb792923ef751f2876add23f612777fa0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
56786c9bb456ad52fa1f3b16dd9e675cc4a480fa
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0fbb7b3a340c75f2860123d5e01d706f8a15127b
Database specific 
{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "last_affected": "4.0.6"
        },
        {
            "introduced": "4.1.0"
        },
        {
            "last_affected": "4.1.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.6-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.6-p2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.2-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.0"
        }
    ]
}

Affected versions

4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.5-p1
4.0.5-rc
4.0.6
4.0.6-p1
4.0.6-p2
4.1.0
4.1.1
4.1.1-20211130
4.1.2
4.1.2-20220128
4.1.2-20220203
4.1.2-p1
4.2.0
4.2.0-alpha
4.2.0-beta
4.2.0-beta-20220630
4.2.0-beta-20220722
4.2.0-beta-20220802
4.2.0-beta2
4.2.0-beta2-20220810
4.2.0-beta2-20220824
4.2.0-beta2-20220825
4.2.0-beta2-20220826
4.2.0-beta2-20220829
4.2.0-beta2-20220905
4.2.0-beta2-20220916
4.2.0-rc
Other
co/20190306
co/20190313
co/20190404
co/20190417
co/20190508
co/20190613
co/20190710
co/20190718
co/20190808
co/20190822
co/20190829
co/20190905
co/20190912
co/20190930
co/20191017
co/20191031
co/20191114
co/20191128
co/20191212
co/4.*
co/4.1-20211111
co/4.1-20211118
co/4.1-20211125
co/4.1-20211202
co/4.1-20220210
co/4.1-20220217
co/4.1-20220421
co/4.1-20220512
co/4.1-20220526

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22838.json"