Vulnerability CVE-2023-25077
Published: 2023-03-06

Description:
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.

 References:
https://www.ec-cube.net/info/weakness/20230214/
https://jvn.jp/en/jp/JVN04785663/
Copyright 2026, cxsecurity.com

 

Back to Top