CVE-2023-25077

Source
https://cve.org/CVERecord?id=CVE-2023-25077
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25077.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-25077
Published
2023-03-05T00:00:00Z
Modified
2026-07-08T06:26:17.402852996Z
Summary
[none]
Details

Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0"
                },
                {
                    "last_affected": "EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25077.json",
    "cna_assigner": "jpcert"
}
References

Affected packages

Git / github.com/ec-cube/ec-cube

Affected ranges

Type
GIT
Repo
https://github.com/ec-cube/ec-cube
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "cpe": [
        "cpe:2.3:a:ec-cube:ec-cube:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:ec-cube:ec-cube:4.0.6:p1:*:*:*:*:*:*",
        "cpe:2.3:a:ec-cube:ec-cube:4.0.6:p2:*:*:*:*:*:*",
        "cpe:2.3:a:ec-cube:ec-cube:4.1.2:p1:*:*:*:*:*:*",
        "cpe:2.3:a:ec-cube:ec-cube:4.2.0:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "4.0.0"
        },
        {
            "last_affected": "4.0.6"
        },
        {
            "introduced": "4.1.0"
        },
        {
            "last_affected": "4.1.2"
        },
        {
            "introduced": "4.0.6-p1"
        },
        {
            "last_affected": "4.0.6-p1"
        },
        {
            "introduced": "4.0.6-p2"
        },
        {
            "last_affected": "4.0.6-p2"
        },
        {
            "introduced": "4.1.2-p1"
        },
        {
            "last_affected": "4.1.2-p1"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "last_affected": "4.2.0"
        }
    ]
}

Affected versions

4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.5-p1
4.0.5-rc
4.0.6
4.0.6-p1
4.0.6-p2
4.1.0
4.1.1
4.1.1-20211130
4.1.2
4.1.2-20220128
4.1.2-20220203
4.1.2-p1
4.2.0
4.2.0-alpha
4.2.0-beta
4.2.0-beta-20220630
4.2.0-beta-20220722
4.2.0-beta-20220802
4.2.0-beta2
4.2.0-beta2-20220810
4.2.0-beta2-20220824
4.2.0-beta2-20220825
4.2.0-beta2-20220826
4.2.0-beta2-20220829
4.2.0-beta2-20220905
4.2.0-beta2-20220916
4.2.0-rc
Other
co/20190306
co/20190313
co/20190404
co/20190417
co/20190508
co/20190613
co/20190710
co/20190718
co/20190808
co/20190822
co/20190829
co/20190905
co/20190912
co/20190930
co/20191017
co/20191031
co/20191114
co/20191128
co/20191212
co/4.*
co/4.1-20211111
co/4.1-20211118
co/4.1-20211125
co/4.1-20211202
co/4.1-20220210
co/4.1-20220217
co/4.1-20220421
co/4.1-20220512
co/4.1-20220526

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25077.json"