ec-cube/ec-cube Security Advisories for 4.0.6 (4)
- [MEDIUM] EC-CUBE DOM-based cross-site scripting vulnerability
  PKSA-kknk-hs9h-n1jp CVE-2022-38975 GHSA-pggw-rqfm-72rh
  Affected version: >=4.0.0,<=4.1.2
  Reported by: GitHub
- [LOW] EC-CUBE Directory traversal vulnerability
  PKSA-v5y6-rjph-x47m CVE-2022-40199 GHSA-wjpv-frf2-3r58
  Affected version: >=4.0.0,<=4.1.2|>=3.0.0,<=3.0.18-p4
  Reported by: GitHub
- [HIGH] EC-CUBE Improper access control vulnerability
  PKSA-b4hv-mxtq-f2z1 CVE-2021-20778 GHSA-4cxm-8hh5-jj33
  Affected version: >4.0.5-p1,<4.0.6-p1
  Reported by: GitHub
- [MEDIUM] EC-CUBE improperly handles HTTP Host header values
  PKSA-3s8k-bkt9-x96b CVE-2022-25355 GHSA-pw97-6v74-9w3p
  Affected version: >=4.0.0,<=4.1.1|>=3.0.0,<=3.0.18-p3
  Reported by: GitHub