Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_ addition_plugin plugin 1.0 and (2) itemdetail_freearea_ addition_plugin plugin 1.0 for EC-CUBE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Shiro8
  • Category Freearea Addition
  • Itemdetail Freearea Addition

Configuration 1 [-]

OR cpe:2.3:a:shiro8:category_freearea_addition:1.0:*:*:*:*:ec-cube:*:*
cpe:2.3:a:shiro8:itemdetail_freearea_addition:1.0:*:*:*:*:ec-cube:*:*
References
Link Resource
http://jvn.jp/en/jp/JVN63384827/index.html Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000057 Vendor Advisory
http://www.ec-cube.net/products/detail.php?product_id=505 Vendor Advisory
http://www.securityfocus.com/bid/88872
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2016-04-28T01:00:00

Updated: 2016-11-25T19:57:01

Reserved: 2015-12-26T00:00:00

Link: CVE-2016-1205

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2016-04-28T01:59:01.693

Modified: 2016-11-28T19:58:23.867

Link: CVE-2016-1205

JSON object: View

cve-icon Redhat Information

No data.

CWE