CVE Record: CVE-2013-3652

Required CVE Record Information

Description

Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653.

Product Status

Learn more

Information not provided

References 5 Total

http://www.ec-cube.net/info/weakness/20130626/index.php
external site
jvndb.jvn.jp: JVNDB-2013-000063
external site
third-party-advisory
http://www.ec-cube.net/info/weakness/weakness.php?id=47
external site
http://svn.ec-cube.net/open_trac/changeset/22862
external site
jvn.jp: JVN#07192063
external site
third-party-advisory

Updated: 2024-08-06

This container includes required additional information provided by the CVE Program for this vulnerability.

References 5 Total

http://www.ec-cube.net/info/weakness/20130626/index.php
external site
x_transferred
jvndb.jvn.jp: JVNDB-2013-000063
external site
third-party-advisoryx_transferred
http://www.ec-cube.net/info/weakness/weakness.php?id=47
external site
x_transferred
http://svn.ec-cube.net/open_trac/changeset/22862
external site
x_transferred
jvn.jp: JVN#07192063
external site
third-party-advisoryx_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: JPCERT/CC

Description

Product Status

References 5 Total

CVE Program

References 5 Total