Search criteria
26 vulnerabilities by lockon
CVE-2018-0564 (GCVE-0-2018-0564)
Vulnerability from cvelistv5 – Published: 2018-04-20 13:00 – Updated: 2024-08-05 03:28
VLAI
Summary
Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors.
Severity
No CVSS data available.
CWE
- Session fixation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ec-cube.net/info/weakness/20180416/ | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN52695336/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LOCKON CO.,LTD. | EC-CUBE |
Affected:
(EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15)
|
Date Public
2018-04-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ec-cube.net/info/weakness/20180416/"
},
{
"name": "JVN#52695336",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN52695336/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EC-CUBE",
"vendor": "LOCKON CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "(EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15)"
}
]
}
],
"datePublic": "2018-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Session fixation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-20T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ec-cube.net/info/weakness/20180416/"
},
{
"name": "JVN#52695336",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN52695336/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EC-CUBE",
"version": {
"version_data": [
{
"version_value": "(EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15)"
}
]
}
}
]
},
"vendor_name": "LOCKON CO.,LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3..4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15) allows remote attackers to perform arbitrary operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ec-cube.net/info/weakness/20180416/",
"refsource": "CONFIRM",
"url": "https://www.ec-cube.net/info/weakness/20180416/"
},
{
"name": "JVN#52695336",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN52695336/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0564",
"datePublished": "2018-04-20T13:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1201 (GCVE-0-2016-1201)
Vulnerability from cvelistv5 – Published: 2016-04-30 10:00 – Updated: 2024-08-05 22:48
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/90515 | vdb-entryx_refsource_BID |
| http://www.ec-cube.net/info/weakness/weakness.php?id=67 | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000053 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN73776243/index.html | third-party-advisoryx_refsource_JVN |
| https://www.ec-cube.net/info/weakness/201604/ | x_refsource_CONFIRM |
Date Public
2016-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "90515",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90515"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=67"
},
{
"name": "JVNDB-2016-000053",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000053"
},
{
"name": "JVN#73776243",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73776243/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ec-cube.net/info/weakness/201604/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "90515",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90515"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=67"
},
{
"name": "JVNDB-2016-000053",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000053"
},
{
"name": "JVN#73776243",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73776243/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ec-cube.net/info/weakness/201604/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "90515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90515"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=67",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=67"
},
{
"name": "JVNDB-2016-000053",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000053"
},
{
"name": "JVN#73776243",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73776243/index.html"
},
{
"name": "https://www.ec-cube.net/info/weakness/201604/",
"refsource": "CONFIRM",
"url": "https://www.ec-cube.net/info/weakness/201604/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1201",
"datePublished": "2016-04-30T10:00:00.000Z",
"dateReserved": "2015-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:48:13.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1199 (GCVE-0-2016-1199)
Vulnerability from cvelistv5 – Published: 2016-04-30 10:00 – Updated: 2024-08-05 22:48
VLAI
Summary
The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN47473944/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051 | third-party-advisoryx_refsource_JVNDB |
| http://www.ec-cube.net/info/weakness/weakness.php?id=65 | x_refsource_CONFIRM |
| https://www.ec-cube.net/info/weakness/201604/ | x_refsource_CONFIRM |
Date Public
2016-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#47473944",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN47473944/index.html"
},
{
"name": "JVNDB-2016-000051",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=65"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ec-cube.net/info/weakness/201604/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-30T01:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#47473944",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN47473944/index.html"
},
{
"name": "JVNDB-2016-000051",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=65"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ec-cube.net/info/weakness/201604/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#47473944",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN47473944/index.html"
},
{
"name": "JVNDB-2016-000051",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000051"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=65",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=65"
},
{
"name": "https://www.ec-cube.net/info/weakness/201604/",
"refsource": "CONFIRM",
"url": "https://www.ec-cube.net/info/weakness/201604/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1199",
"datePublished": "2016-04-30T10:00:00.000Z",
"dateReserved": "2015-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:48:13.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1200 (GCVE-0-2016-1200)
Vulnerability from cvelistv5 – Published: 2016-04-30 10:00 – Updated: 2024-08-05 22:48
VLAI
Summary
The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/90503 | vdb-entryx_refsource_BID |
| http://jvn.jp/en/jp/JVN11458774/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000052 | third-party-advisoryx_refsource_JVNDB |
| https://www.ec-cube.net/info/weakness/201604/ | x_refsource_CONFIRM |
| http://www.ec-cube.net/info/weakness/weakness.php?id=66 | x_refsource_CONFIRM |
Date Public
2016-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "90503",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90503"
},
{
"name": "JVN#11458774",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN11458774/index.html"
},
{
"name": "JVNDB-2016-000052",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000052"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ec-cube.net/info/weakness/201604/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=66"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "90503",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90503"
},
{
"name": "JVN#11458774",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN11458774/index.html"
},
{
"name": "JVNDB-2016-000052",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000052"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ec-cube.net/info/weakness/201604/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=66"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "90503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90503"
},
{
"name": "JVN#11458774",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN11458774/index.html"
},
{
"name": "JVNDB-2016-000052",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000052"
},
{
"name": "https://www.ec-cube.net/info/weakness/201604/",
"refsource": "CONFIRM",
"url": "https://www.ec-cube.net/info/weakness/201604/"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=66",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=66"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1200",
"datePublished": "2016-04-30T10:00:00.000Z",
"dateReserved": "2015-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:48:13.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5665 (GCVE-0-2015-5665)
Vulnerability from cvelistv5 – Published: 2015-10-27 01:00 – Updated: 2024-08-06 06:59
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.ec-cube.net/info/weakness/weakness.php?id=63 | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2015-000166 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN97278546/index.html | third-party-advisoryx_refsource_JVN |
| https://www.ec-cube.net/info/weakness/201510_01/ | x_refsource_CONFIRM |
Date Public
2015-10-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:03.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=63"
},
{
"name": "JVNDB-2015-000166",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000166"
},
{
"name": "JVN#97278546",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN97278546/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ec-cube.net/info/weakness/201510_01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-27T01:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=63"
},
{
"name": "JVNDB-2015-000166",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000166"
},
{
"name": "JVN#97278546",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN97278546/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ec-cube.net/info/weakness/201510_01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=63",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=63"
},
{
"name": "JVNDB-2015-000166",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000166"
},
{
"name": "JVN#97278546",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN97278546/index.html"
},
{
"name": "https://www.ec-cube.net/info/weakness/201510_01/",
"refsource": "CONFIRM",
"url": "https://www.ec-cube.net/info/weakness/201510_01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-5665",
"datePublished": "2015-10-27T01:00:00.000Z",
"dateReserved": "2015-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:59:03.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0808 (GCVE-0-2014-0808)
Vulnerability from cvelistv5 – Published: 2014-01-22 21:00 – Updated: 2024-08-06 09:27
VLAI
Summary
Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Authorization Bypass Through User-Controlled Key
- CWE-566 - Authorization Bypass Through User-Controlled SQL Primary Key
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| EC-CUBE CO.,LTD. | EC-CUBE |
Affected:
2.11.0 through 2.12.2
|
|
| S‑cubism Inc. | EC-Orange |
Affected:
systems deployed before June 29th
Affected: 2015 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2014-0808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:04:20.266694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-566",
"description": "CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T14:07:16.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=57"
},
{
"tags": [
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN51770585/"
},
{
"tags": [
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000006"
},
{
"tags": [
"x_transferred"
],
"url": "https://ec-orange.jp/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN15637138/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvndb.jvn.jp/jvndb/JVNDB-2024-000054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EC-CUBE",
"vendor": "EC-CUBE CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "2.11.0 through 2.12.2"
}
]
},
{
"product": "EC-Orange",
"vendor": "S\u2011cubism Inc.",
"versions": [
{
"status": "affected",
"version": "systems deployed before June 29th"
},
{
"status": "affected",
"version": "2015"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users\u0027 information by sending a crafted HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T05:17:08.940Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=57"
},
{
"url": "http://jvn.jp/en/jp/JVN51770585/"
},
{
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000006"
},
{
"url": "https://ec-orange.jp/"
},
{
"url": "https://jvn.jp/en/jp/JVN15637138/"
},
{
"url": "https://jvndb.jvn.jp/jvndb/JVNDB-2024-000054"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-0808",
"datePublished": "2014-01-22T21:00:00.000Z",
"dateReserved": "2014-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:27:20.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0807 (GCVE-0-2014-0807)
Vulnerability from cvelistv5 – Published: 2014-01-22 21:00 – Updated: 2024-08-06 09:27
VLAI
Summary
data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.ec-cube.net/info/weakness/weakness.php?id=56 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN17849447/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005 | third-party-advisoryx_refsource_JVNDB |
Date Public
2014-01-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=56"
},
{
"name": "JVN#17849447",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN17849447/index.html"
},
{
"name": "JVNDB-2014-000005",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-22T21:57:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=56"
},
{
"name": "JVN#17849447",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN17849447/index.html"
},
{
"name": "JVNDB-2014-000005",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-0807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=56",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=56"
},
{
"name": "JVN#17849447",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN17849447/index.html"
},
{
"name": "JVNDB-2014-000005",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-0807",
"datePublished": "2014-01-22T21:00:00.000Z",
"dateReserved": "2014-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:27:20.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5994 (GCVE-0-2013-5994)
Vulnerability from cvelistv5 – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
VLAI
Summary
data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN06870202/index.html | third-party-advisoryx_refsource_JVN |
| http://svn.ec-cube.net/open_trac/changeset/23278 | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098 | third-party-advisoryx_refsource_JVNDB |
| http://www.ec-cube.net/info/weakness/weakness.php?id=52 | x_refsource_CONFIRM |
Date Public
2013-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#06870202",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN06870202/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/23278"
},
{
"name": "JVNDB-2013-000098",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=52"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-23T18:10:04.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#06870202",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN06870202/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/23278"
},
{
"name": "JVNDB-2013-000098",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=52"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-5994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#06870202",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN06870202/index.html"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/23278",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/23278"
},
{
"name": "JVNDB-2013-000098",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000098"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=52",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=52"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-5994",
"datePublished": "2013-11-21T02:00:00.000Z",
"dateReserved": "2013-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:29:42.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5995 (GCVE-0-2013-5995)
Vulnerability from cvelistv5 – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
VLAI
Summary
data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN55630933/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106 | third-party-advisoryx_refsource_JVNDB |
| http://www.ec-cube.net/info/weakness/weakness.php?id=51 | x_refsource_CONFIRM |
| http://svn.ec-cube.net/open_trac/changeset/23274 | x_refsource_CONFIRM |
Date Public
2013-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#55630933",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN55630933/index.html"
},
{
"name": "JVNDB-2013-000106",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=51"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/23274"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-23T18:10:04.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#55630933",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN55630933/index.html"
},
{
"name": "JVNDB-2013-000106",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=51"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/23274"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-5995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified vectors related to addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#55630933",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN55630933/index.html"
},
{
"name": "JVNDB-2013-000106",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000106"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=51",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=51"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/23274",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/23274"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-5995",
"datePublished": "2013-11-21T02:00:00.000Z",
"dateReserved": "2013-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:29:42.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5993 (GCVE-0-2013-5993)
Vulnerability from cvelistv5 – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN11221613/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000097 | third-party-advisoryx_refsource_JVNDB |
| http://www.ec-cube.net/info/weakness/weakness.php?id=53 | x_refsource_CONFIRM |
| http://svn.ec-cube.net/open_trac/changeset/23277 | x_refsource_CONFIRM |
Date Public
2013-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#11221613",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN11221613/index.html"
},
{
"name": "JVNDB-2013-000097",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000097"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=53"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/23277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-23T18:10:04.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#11221613",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN11221613/index.html"
},
{
"name": "JVNDB-2013-000097",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000097"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=53"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/23277"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-5993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refusals."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#11221613",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN11221613/index.html"
},
{
"name": "JVNDB-2013-000097",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000097"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=53",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=53"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/23277",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/23277"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-5993",
"datePublished": "2013-11-21T02:00:00.000Z",
"dateReserved": "2013-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:29:42.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5992 (GCVE-0-2013-5992)
Vulnerability from cvelistv5 – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.ec-cube.net/info/weakness/weakness.php?id=54 | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN38790987/index.html | third-party-advisoryx_refsource_JVN |
Date Public
2013-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
},
{
"name": "JVNDB-2013-000105",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105"
},
{
"name": "JVN#38790987",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN38790987/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-23T18:10:04.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
},
{
"name": "JVNDB-2013-000105",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105"
},
{
"name": "JVN#38790987",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN38790987/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-5992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=54",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
},
{
"name": "JVNDB-2013-000105",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000105"
},
{
"name": "JVN#38790987",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN38790987/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-5992",
"datePublished": "2013-11-21T02:00:00.000Z",
"dateReserved": "2013-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:29:42.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5991 (GCVE-0-2013-5991)
Vulnerability from cvelistv5 – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
VLAI
Summary
The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN61077110/index.html | third-party-advisoryx_refsource_JVN |
| http://www.ec-cube.net/info/weakness/weakness.php?id=54 | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104 | third-party-advisoryx_refsource_JVNDB |
Date Public
2013-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:41.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#61077110",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN61077110/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
},
{
"name": "JVNDB-2013-000104",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-23T18:10:04.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#61077110",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN61077110/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
},
{
"name": "JVNDB-2013-000104",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-5991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#61077110",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN61077110/index.html"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=54",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=54"
},
{
"name": "JVNDB-2013-000104",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000104"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-5991",
"datePublished": "2013-11-21T02:00:00.000Z",
"dateReserved": "2013-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:29:41.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5996 (GCVE-0-2013-5996)
Vulnerability from cvelistv5 – Published: 2013-11-21 02:00 – Updated: 2024-08-06 17:29
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN06377589/index.html | third-party-advisoryx_refsource_JVN |
| http://www.ec-cube.net/info/weakness/weakness.php?id=55 | x_refsource_CONFIRM |
| http://svn.ec-cube.net/open_trac/changeset/23275 | x_refsource_CONFIRM |
Date Public
2013-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2013-000107",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107"
},
{
"name": "JVN#06377589",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN06377589/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=55"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/23275"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-23T18:10:04.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2013-000107",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107"
},
{
"name": "JVN#06377589",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN06377589/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=55"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/23275"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-5996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2013-000107",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107"
},
{
"name": "JVN#06377589",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN06377589/index.html"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=55",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=55"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/23275",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/23275"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-5996",
"datePublished": "2013-11-21T02:00:00.000Z",
"dateReserved": "2013-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:29:42.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4702 (GCVE-0-2013-4702)
Vulnerability from cvelistv5 – Published: 2013-08-30 21:00 – Updated: 2024-08-06 16:52
VLAI
Summary
Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://osvdb.org/96756 | vdb-entryx_refsource_OSVDB |
| http://jvn.jp/en/jp/JVN15973066/index.html | third-party-advisoryx_refsource_JVN |
| http://www.ec-cube.net/info/weakness/weakness.php?id=50 | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000081 | third-party-advisoryx_refsource_JVNDB |
| http://svn.ec-cube.net/open_trac/changeset/22891 | x_refsource_CONFIRM |
| http://www.ec-cube.net/info/weakness/20130829/index.php | x_refsource_CONFIRM |
Date Public
2013-08-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96756",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96756"
},
{
"name": "JVN#15973066",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN15973066/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=50"
},
{
"name": "JVNDB-2013-000081",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000081"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22891"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/20130829/index.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-12T09:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "96756",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96756"
},
{
"name": "JVN#15973066",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN15973066/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=50"
},
{
"name": "JVNDB-2013-000081",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000081"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22891"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/20130829/index.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-4702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96756",
"refsource": "OSVDB",
"url": "http://osvdb.org/96756"
},
{
"name": "JVN#15973066",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN15973066/index.html"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=50",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=50"
},
{
"name": "JVNDB-2013-000081",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000081"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/22891",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/22891"
},
{
"name": "http://www.ec-cube.net/info/weakness/20130829/index.php",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/20130829/index.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-4702",
"datePublished": "2013-08-30T21:00:00.000Z",
"dateReserved": "2013-06-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:52:27.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3654 (GCVE-0-2013-3654)
Vulnerability from cvelistv5 – Published: 2013-06-29 19:00 – Updated: 2024-09-17 03:54
VLAI
Summary
Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000065 | third-party-advisoryx_refsource_JVNDB |
| http://www.ec-cube.net/info/weakness/20130626/index.php | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN04161229/index.html | third-party-advisoryx_refsource_JVN |
| http://www.ec-cube.net/info/weakness/weakness.php?id=45 | x_refsource_CONFIRM |
| http://svn.ec-cube.net/open_trac/changeset/22891 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2013-000065",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000065"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
},
{
"name": "JVN#04161229",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN04161229/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=45"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-29T19:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2013-000065",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000065"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
},
{
"name": "JVN#04161229",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN04161229/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=45"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-3654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2013-000065",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000065"
},
{
"name": "http://www.ec-cube.net/info/weakness/20130626/index.php",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
},
{
"name": "JVN#04161229",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN04161229/index.html"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=45",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=45"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/22891",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/22891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-3654",
"datePublished": "2013-06-29T19:00:00.000Z",
"dateReserved": "2013-05-22T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:54:12.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3651 (GCVE-0-2013-3651)
Vulnerability from cvelistv5 – Published: 2013-06-29 19:00 – Updated: 2024-09-16 18:29
VLAI
Summary
LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.ec-cube.net/info/weakness/20130626/index.php | x_refsource_CONFIRM |
| http://svn.ec-cube.net/open_trac/changeset/22891 | x_refsource_CONFIRM |
| http://www.ec-cube.net/info/weakness/weakness.php?id=49 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN34900750/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000062 | third-party-advisoryx_refsource_JVNDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22891"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=49"
},
{
"name": "JVN#34900750",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN34900750/index.html"
},
{
"name": "JVNDB-2013-000062",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-29T19:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22891"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=49"
},
{
"name": "JVN#34900750",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN34900750/index.html"
},
{
"name": "JVNDB-2013-000062",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000062"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-3651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ec-cube.net/info/weakness/20130626/index.php",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/22891",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/22891"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=49",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=49"
},
{
"name": "JVN#34900750",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN34900750/index.html"
},
{
"name": "JVNDB-2013-000062",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000062"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-3651",
"datePublished": "2013-06-29T19:00:00.000Z",
"dateReserved": "2013-05-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:29:31.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3650 (GCVE-0-2013-3650)
Vulnerability from cvelistv5 – Published: 2013-06-29 19:00 – Updated: 2024-09-17 01:40
VLAI
Summary
Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different vulnerability than CVE-2013-3654.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.ec-cube.net/info/weakness/20130626/index.php | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000061 | third-party-advisoryx_refsource_JVNDB |
| http://svn.ec-cube.net/open_trac/changeset/22863 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN43886811/index.html | third-party-advisoryx_refsource_JVN |
| http://www.ec-cube.net/info/weakness/weakness.php?id=48 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
},
{
"name": "JVNDB-2013-000061",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000061"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22863"
},
{
"name": "JVN#43886811",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN43886811/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=48"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different vulnerability than CVE-2013-3654."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-29T19:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
},
{
"name": "JVNDB-2013-000061",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000061"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22863"
},
{
"name": "JVN#43886811",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN43886811/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=48"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-3650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different vulnerability than CVE-2013-3654."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ec-cube.net/info/weakness/20130626/index.php",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
},
{
"name": "JVNDB-2013-000061",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000061"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/22863",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/22863"
},
{
"name": "JVN#43886811",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN43886811/index.html"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=48",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=48"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-3650",
"datePublished": "2013-06-29T19:00:00.000Z",
"dateReserved": "2013-05-22T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:40:45.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3652 (GCVE-0-2013-3652)
Vulnerability from cvelistv5 – Published: 2013-06-29 16:00 – Updated: 2024-09-17 04:24
VLAI
Summary
Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.ec-cube.net/info/weakness/20130626/index.php | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000063 | third-party-advisoryx_refsource_JVNDB |
| http://www.ec-cube.net/info/weakness/weakness.php?id=47 | x_refsource_CONFIRM |
| http://svn.ec-cube.net/open_trac/changeset/22862 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN07192063/index.html | third-party-advisoryx_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
},
{
"name": "JVNDB-2013-000063",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000063"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=47"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22862"
},
{
"name": "JVN#07192063",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN07192063/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-29T16:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
},
{
"name": "JVNDB-2013-000063",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000063"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=47"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22862"
},
{
"name": "JVN#07192063",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN07192063/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-3652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ec-cube.net/info/weakness/20130626/index.php",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
},
{
"name": "JVNDB-2013-000063",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000063"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=47",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=47"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/22862",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/22862"
},
{
"name": "JVN#07192063",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN07192063/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-3652",
"datePublished": "2013-06-29T16:00:00.000Z",
"dateReserved": "2013-05-22T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:24:01.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3653 (GCVE-0-2013-3653)
Vulnerability from cvelistv5 – Published: 2013-06-29 16:00 – Updated: 2024-09-16 16:28
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.ec-cube.net/info/weakness/20130626/index.php | x_refsource_CONFIRM |
| http://www.ec-cube.net/info/weakness/weakness.php?id=46 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN98665228/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000064 | third-party-advisoryx_refsource_JVNDB |
| http://svn.ec-cube.net/open_trac/changeset/22861 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=46"
},
{
"name": "JVN#98665228",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN98665228/index.html"
},
{
"name": "JVNDB-2013-000064",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22861"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-29T16:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=46"
},
{
"name": "JVN#98665228",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN98665228/index.html"
},
{
"name": "JVNDB-2013-000064",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22861"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-3653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ec-cube.net/info/weakness/20130626/index.php",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/20130626/index.php"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=46",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=46"
},
{
"name": "JVN#98665228",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN98665228/index.html"
},
{
"name": "JVNDB-2013-000064",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000064"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/22861",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/22861"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-3653",
"datePublished": "2013-06-29T16:00:00.000Z",
"dateReserved": "2013-05-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:28:53.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2313 (GCVE-0-2013-2313)
Vulnerability from cvelistv5 – Published: 2013-05-29 19:00 – Updated: 2024-09-16 20:27
VLAI
Summary
Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000042 | third-party-advisoryx_refsource_JVNDB |
| http://www.ec-cube.net/info/weakness/weakness.php?id=40 | x_refsource_CONFIRM |
| http://svn.ec-cube.net/open_trac/changeset/22805 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN00985872/index.html | third-party-advisoryx_refsource_JVN |
| http://svn.ec-cube.net/open_trac/changeset/22804 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:46.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2013-000042",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000042"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=40"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22805"
},
{
"name": "JVN#00985872",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN00985872/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22804"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-29T19:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2013-000042",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000042"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=40"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22805"
},
{
"name": "JVN#00985872",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN00985872/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22804"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-2313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2013-000042",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000042"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=40",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=40"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/22805",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/22805"
},
{
"name": "JVN#00985872",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN00985872/index.html"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/22804",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/22804"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-2313",
"datePublished": "2013-05-29T19:00:00.000Z",
"dateReserved": "2013-03-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:27:32.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2314 (GCVE-0-2013-2314)
Vulnerability from cvelistv5 – Published: 2013-05-29 19:00 – Updated: 2024-09-17 00:16
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated with the management screen.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://svn.ec-cube.net/open_trac/changeset/22826 | x_refsource_CONFIRM |
| http://www.ec-cube.net/info/weakness/weakness.php?id=42 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN45306814/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000043 | third-party-advisoryx_refsource_JVNDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:45.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22826"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=42"
},
{
"name": "JVN#45306814",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN45306814/index.html"
},
{
"name": "JVNDB-2013-000043",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated with the management screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-29T19:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22826"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=42"
},
{
"name": "JVN#45306814",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN45306814/index.html"
},
{
"name": "JVNDB-2013-000043",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000043"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-2314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated with the management screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.ec-cube.net/open_trac/changeset/22826",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/22826"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=42",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=42"
},
{
"name": "JVN#45306814",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN45306814/index.html"
},
{
"name": "JVNDB-2013-000043",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000043"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-2314",
"datePublished": "2013-05-29T19:00:00.000Z",
"dateReserved": "2013-03-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:16:28.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2315 (GCVE-0-2013-2315)
Vulnerability from cvelistv5 – Published: 2013-05-29 19:00 – Updated: 2024-09-16 17:54
VLAI
Summary
data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000044 | third-party-advisoryx_refsource_JVNDB |
| http://www.ec-cube.net/info/weakness/weakness.php?id=43 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN39699406/index.html | third-party-advisoryx_refsource_JVN |
| http://svn.ec-cube.net/open_trac/changeset/22580 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:45.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2013-000044",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000044"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=43"
},
{
"name": "JVN#39699406",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN39699406/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22580"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-29T19:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2013-000044",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000044"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=43"
},
{
"name": "JVN#39699406",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN39699406/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22580"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-2315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2013-000044",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000044"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=43",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=43"
},
{
"name": "JVN#39699406",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN39699406/index.html"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/22580",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/22580"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-2315",
"datePublished": "2013-05-29T19:00:00.000Z",
"dateReserved": "2013-03-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:54:49.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2312 (GCVE-0-2013-2312)
Vulnerability from cvelistv5 – Published: 2013-05-29 19:00 – Updated: 2024-09-16 21:03
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the shopping-cart screen in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.ec-cube.net/info/weakness/weakness.php?id=40 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN52552792/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000041 | third-party-advisoryx_refsource_JVNDB |
| http://svn.ec-cube.net/open_trac/changeset/22604 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:46.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=40"
},
{
"name": "JVN#52552792",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN52552792/index.html"
},
{
"name": "JVNDB-2013-000041",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000041"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22604"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the shopping-cart screen in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-29T19:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=40"
},
{
"name": "JVN#52552792",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN52552792/index.html"
},
{
"name": "JVNDB-2013-000041",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000041"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/22604"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-2312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the shopping-cart screen in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=40",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=40"
},
{
"name": "JVN#52552792",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN52552792/index.html"
},
{
"name": "JVNDB-2013-000041",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000041"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/22604",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/22604"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-2312",
"datePublished": "2013-05-29T19:00:00.000Z",
"dateReserved": "2013-03-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:03:33.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3988 (GCVE-0-2011-3988)
Vulnerability from cvelistv5 – Published: 2011-10-21 18:00 – Updated: 2024-08-06 23:53
VLAI
Summary
SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://svn.ec-cube.net/open_trac/ticket/1502 | x_refsource_CONFIRM |
| http://www.ec-cube.net/info/weakness/weakness.php?id=38 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/50140 | vdb-entryx_refsource_BID |
| http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0… | third-party-advisoryx_refsource_JVNDB |
| http://www.ec-cube.net/release/detail.php?release… | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN44496332/index.html | third-party-advisoryx_refsource_JVN |
| http://osvdb.org/76399 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/46446 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2011-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.ec-cube.net/open_trac/ticket/1502"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=38"
},
{
"name": "eccube-scquery-sql-injection(70625)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70625"
},
{
"name": "50140",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50140"
},
{
"name": "JVNDB-2011-000087",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000087.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/release/detail.php?release_id=286"
},
{
"name": "JVN#44496332",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN44496332/index.html"
},
{
"name": "76399",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/76399"
},
{
"name": "46446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46446"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.ec-cube.net/open_trac/ticket/1502"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=38"
},
{
"name": "eccube-scquery-sql-injection(70625)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70625"
},
{
"name": "50140",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50140"
},
{
"name": "JVNDB-2011-000087",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000087.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/release/detail.php?release_id=286"
},
{
"name": "JVN#44496332",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN44496332/index.html"
},
{
"name": "76399",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/76399"
},
{
"name": "46446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46446"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-3988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.ec-cube.net/open_trac/ticket/1502",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/ticket/1502"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=38",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=38"
},
{
"name": "eccube-scquery-sql-injection(70625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70625"
},
{
"name": "50140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50140"
},
{
"name": "JVNDB-2011-000087",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000087.html"
},
{
"name": "http://www.ec-cube.net/release/detail.php?release_id=286",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/release/detail.php?release_id=286"
},
{
"name": "JVN#44496332",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN44496332/index.html"
},
{
"name": "76399",
"refsource": "OSVDB",
"url": "http://osvdb.org/76399"
},
{
"name": "46446",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46446"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-3988",
"datePublished": "2011-10-21T18:00:00.000Z",
"dateReserved": "2011-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:53:32.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1325 (GCVE-0-2011-1325)
Vulnerability from cvelistv5 – Published: 2011-05-13 17:00 – Updated: 2024-09-17 04:24
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029 | third-party-advisoryx_refsource_JVNDB |
| http://secunia.com/advisories/44487 | third-party-advisoryx_refsource_SECUNIA |
| http://jvn.jp/en/jp/JVN37878530/index.html | third-party-advisoryx_refsource_JVN |
| http://www.osvdb.org/72239 | vdb-entryx_refsource_OSVDB |
| http://www.ec-cube.net/press/detail.php?press_id=114 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:34.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2011-000029",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029"
},
{
"name": "44487",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44487"
},
{
"name": "JVN#37878530",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN37878530/index.html"
},
{
"name": "72239",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/72239"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ec-cube.net/press/detail.php?press_id=114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-05-13T17:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2011-000029",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029"
},
{
"name": "44487",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44487"
},
{
"name": "JVN#37878530",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN37878530/index.html"
},
{
"name": "72239",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/72239"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ec-cube.net/press/detail.php?press_id=114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2011-000029",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000029"
},
{
"name": "44487",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44487"
},
{
"name": "JVN#37878530",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN37878530/index.html"
},
{
"name": "72239",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/72239"
},
{
"name": "http://www.ec-cube.net/press/detail.php?press_id=114",
"refsource": "MISC",
"url": "http://www.ec-cube.net/press/detail.php?press_id=114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-1325",
"datePublished": "2011-05-13T17:00:00.000Z",
"dateReserved": "2011-03-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:24:35.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0451 (GCVE-0-2011-0451)
Vulnerability from cvelistv5 – Published: 2011-02-03 15:00 – Updated: 2024-08-06 21:51
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN84393059/index.html | third-party-advisoryx_refsource_JVN |
| http://secunia.com/advisories/43153 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/46100 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://svn.ec-cube.net/open_trac/changeset/18742 | x_refsource_CONFIRM |
| http://www.ec-cube.net/info/weakness/weakness.php?id=36 | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-0… | third-party-advisoryx_refsource_JVNDB |
Date Public
2010-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:08.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#84393059",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN84393059/index.html"
},
{
"name": "43153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43153"
},
{
"name": "46100",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46100"
},
{
"name": "ec-cube-list-xss(65079)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65079"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/18742"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=36"
},
{
"name": "JVNDB-2011-000011",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#84393059",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN84393059/index.html"
},
{
"name": "43153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43153"
},
{
"name": "46100",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46100"
},
{
"name": "ec-cube-list-xss(65079)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65079"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.ec-cube.net/open_trac/changeset/18742"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=36"
},
{
"name": "JVNDB-2011-000011",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000011.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-0451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#84393059",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN84393059/index.html"
},
{
"name": "43153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43153"
},
{
"name": "46100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46100"
},
{
"name": "ec-cube-list-xss(65079)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65079"
},
{
"name": "http://svn.ec-cube.net/open_trac/changeset/18742",
"refsource": "CONFIRM",
"url": "http://svn.ec-cube.net/open_trac/changeset/18742"
},
{
"name": "http://www.ec-cube.net/info/weakness/weakness.php?id=36",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/weakness/weakness.php?id=36"
},
{
"name": "JVNDB-2011-000011",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000011.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-0451",
"datePublished": "2011-02-03T15:00:00.000Z",
"dateReserved": "2011-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:51:08.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}