ec-cube/ec-cube Security Advisories for 3.0.0-beta3 (6)
-
[LOW] EC-CUBE Directory traversal vulnerability
PKSA-v5y6-rjph-x47m CVE-2022-40199 GHSA-wjpv-frf2-3r58
Affected version: >=4.0.0,<=4.1.2|>=3.0.0,<=3.0.18-p4
Reported by:
GitHub -
[MEDIUM] EC-CUBE Cross-site scripting vulnerability
PKSA-fbnq-1prz-vy1w CVE-2021-20750 GHSA-vrpv-26fm-7vf7
Affected version: >=4.0.0,<=4.0.5-p1|>=3.0.0,<=3.0.18-p2
Reported by:
GitHub -
[MEDIUM] EC-CUBE Improper Restriction of Rendered UI Layers or Frames
PKSA-v9zg-hvb2-3g6s CVE-2020-5679 GHSA-rwh8-h525-4jvj
Affected version: >=3.0.0,<=3.0.18
Reported by:
GitHub -
[HIGH] EC-CUBE Directory traversal vulnerability
PKSA-cz94-h6hh-pr5x CVE-2020-5590 GHSA-hx79-x87c-hgm3
Affected version: >=4.0.0,<=4.0.3|>=3.0.0,<=3.0.18
Reported by:
GitHub -
[MEDIUM] EC-CUBE Open redirect vulnerability
PKSA-1gkb-57zx-wc56 CVE-2018-16191 GHSA-fcgg-qgxg-2g2x
Affected version: >=3.0.0,<=3.0.16
Reported by:
GitHub -
[MEDIUM] EC-CUBE improperly handles HTTP Host header values
PKSA-3s8k-bkt9-x96b CVE-2022-25355 GHSA-pw97-6v74-9w3p
Affected version: >=4.0.0,<=4.1.1|>=3.0.0,<=3.0.18-p3
Reported by:
GitHub