CVE-2023-22438

Published: Mar 6, 2023Modified: Jun 17, 2026

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.

Affected (16)

Products: Ec Cube: Ec Cube

Ec Cube

1 product

Ec Cube

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Ec Cube Ec Cube	From 2.11.0 to 2.11.5
Ec Cube Ec Cube	From 2.12.0 to 2.12.6
Ec Cube Ec Cube	From 2.13.0 to 2.13.5
Ec Cube Ec Cube	From 2.17.0 to 2.17.2
Ec Cube Ec Cube	From 3.0.0 to 3.0.18
Ec Cube Ec Cube	From 4.0.0 to 4.0.6
Ec Cube Ec Cube	From 4.1.0 to 4.1.2
Ec Cube Ec Cube	Version 3.0.18 p1
Ec Cube Ec Cube	Version 3.0.18 p2
Ec Cube Ec Cube	Version 3.0.18 p3
Ec Cube Ec Cube	Version 3.0.18 p4
Ec Cube Ec Cube	Version 3.0.18 p5
Ec Cube Ec Cube	Version 4.0.6 p1
Ec Cube Ec Cube	Version 4.0.6 p2
Ec Cube Ec Cube	Version 4.1.2 p1
Ec Cube Ec Cube	Version 4.2.0