ec-cube/ec-cube Security Advisories for 4.0.0 (7)
- [MEDIUM] EC-CUBE DOM-based cross-site scripting vulnerability
  PKSA-kknk-hs9h-n1jp CVE-2022-38975 GHSA-pggw-rqfm-72rh
  Affected version: >=4.0.0,<=4.1.2
  Reported by: GitHub
- [LOW] EC-CUBE Directory traversal vulnerability
  PKSA-v5y6-rjph-x47m CVE-2022-40199 GHSA-wjpv-frf2-3r58
  Affected version: >=4.0.0,<=4.1.2|>=3.0.0,<=3.0.18-p4
  Reported by: GitHub
- [MEDIUM] EC-CUBE Cross-site scripting vulnerability
  PKSA-htqg-k9vx-vh65 CVE-2021-20751 GHSA-r6qq-qc9m-98w2
  Affected version: >=4.0.0,<=4.0.5-p1
  Reported by: GitHub
- [MEDIUM] EC-CUBE Cross-site scripting vulnerability
  PKSA-fbnq-1prz-vy1w CVE-2021-20750 GHSA-vrpv-26fm-7vf7
  Affected version: >=4.0.0,<=4.0.5-p1|>=3.0.0,<=3.0.18-p2
  Reported by: GitHub
- [MEDIUM] EC-CUBE Cross-site scripting vulnerability
  PKSA-d3r7-zcwn-syz2 CVE-2021-20717 GHSA-c8mx-43cq-993w
  Affected version: >=4.0.0,<=4.0.5
  Reported by: GitHub
- [HIGH] EC-CUBE Directory traversal vulnerability
  PKSA-cz94-h6hh-pr5x CVE-2020-5590 GHSA-hx79-x87c-hgm3
  Affected version: >=4.0.0,<=4.0.3|>=3.0.0,<=3.0.18
  Reported by: GitHub
- [MEDIUM] EC-CUBE improperly handles HTTP Host header values
  PKSA-3s8k-bkt9-x96b CVE-2022-25355 GHSA-pw97-6v74-9w3p
  Affected version: >=4.0.0,<=4.1.1|>=3.0.0,<=3.0.18-p3
  Reported by: GitHub