JVN iPedia

Database Search

Keyword search:	How to use Search
With Synonym:

Vendor:
Product:
Date Public:	/ - /
Date Last Updated:	/ - /
CVSS Severity (CVSSv3):	Critical:(9.0-10.0) High:(7.0-8.9) Medium:(4.0-6.9) Low:(0.1-3.9) None:(0)
CVSS Severity (CVSSv2):	High:(7.0-10.0) Medium:(4.0-6.9) Low:(0.0-3.9)
CWE:	What is CWE?

※「Vendor/Product search」button is available only in the Microsoft Edge(ie mode).

Results 1-61 of 61

ID	Title	CVSSv3	CVSSv2	Date Public	Date Last Updated
JVNDB-2023-000107 (JVN#29195731)	EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution	7.2	6.5	2023/11/07	2023/11/07
JVNDB-2023-000082 (JVN#46993816)	EC-CUBE 2 series vulnerable to cross-site scripting	4.8	2.1	2023/08/17	2024/03/25
JVNDB-2023-000038 (JVN#50862842)	EC-CUBE plugin "NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)" vulnerable to authentication bypass	5.3	5.0	2023/04/19	2023/04/19
JVNDB-2023-000019 (JVN#04785663)	Multiple cross-site scripting vulnerabilities in EC-CUBE	5.4	3.5	2023/02/28	2023/02/28
JVNDB-2022-000073 (JVN#21213852)	Multiple vulnerabilities in EC-CUBE	2.7	4.0	2022/09/15	2022/09/21
JVNDB-2022-000072 (JVN#30900552)	EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files	6.3	5.1	2022/09/15	2022/09/15
JVNDB-2022-000034 (JVN#46241173)	EC-CUBE plugin "Easy Blog for EC-CUBE4" vulnerable to cross-site request forgery	4.3	2.6	2022/05/13	2022/05/13
JVNDB-2022-000015 (JVN#53871926)	EC-CUBE improperly handles HTTP Host header values	3.1	2.6	2022/02/22	2022/02/22
JVNDB-2022-000013 (JVN#67108459)	EC-CUBE plugin "Mail Magazine Management Plugin" vulnerable to cross-site request forgery	3.1	2.6	2022/02/22	2022/02/22
JVNDB-2021-000100 (JVN#75444925)	Multiple vulnerabilities in EC-CUBE 2 series	4.3	4.0	2021/11/11	2021/11/11
JVNDB-2021-000083 (JVN#23406150)	EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting	6.1	4.3	2021/09/16	2021/09/16
JVNDB-2021-000082 (JVN#46313661)	EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting	6.1	4.3	2021/09/13	2021/09/13
JVNDB-2021-000059 (JVN#57942445)	EC-CUBE fails to restrict access permissions	7.5	5.0	2021/07/01	2021/07/01
JVNDB-2021-000057 (JVN#95292458)	Multiple cross-site scripting vulnerabilities in EC-CUBE	6.1	2.6	2021/06/23	2021/06/23
JVNDB-2021-000051 (JVN#57524494)	Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE	7.1	6.8	2021/06/16	2021/06/16
JVNDB-2021-000049 (JVN#79254445)	Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting	6.1	4.3	2021/06/15	2021/06/16
JVNDB-2021-000035 (JVN#97554111)	EC-CUBE vulnerable to cross-site scripting	7.1	6.8	2021/05/10	2021/05/10
JVNDB-2020-000080 (JVN#24457594)	Multiple vulnerabilities in EC-CUBE	5.3	5.0	2020/12/03	2020/12/03
JVNDB-2020-000039 (JVN#77458946)	EC-CUBE vulnerable to directory traversal	4.3	3.5	2020/06/18	2020/06/18
JVNDB-2019-000063 (JVN#59436681)	Multiple vulnerabilities in EC-CUBE module "REMISE Payment module (2.11, 2.12 and 2.13)"	5.3	5.0	2019/10/07	2019/10/07
JVNDB-2019-000051 (JVN#29343839)	EC-CUBE plugin "Amazon Pay Plugin 2.12,2.13" vulnerable to cross-site scripting	6.1	2.6	2019/08/07	2019/08/07
JVNDB-2018-000127 (JVN#25359688)	EC-CUBE vulnerable to open redirect	4.7	2.6	2018/11/28	2019/08/28
JVNDB-2018-000086 (JVN#06372244)	Multiple vulnerabilities in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE	3.8	3.5	2018/08/09	2018/08/09
JVNDB-2018-000035 (JVN#52695336)	EC-CUBE vulnerable to session fixation	4.2	5.8	2018/04/17	2018/08/22
JVNDB-2016-000130 (JVN#40696431)	EC-CUBE plugin "Coupon Plugin" vulnerable to SQL injection	6.5	6.4	2016/07/22	2016/08/04
JVNDB-2016-000057 (JVN#63384827)	Multiple shiro8 Co., Ltd. freearea_ addition_plugins for EC-CUBE vulnerable to cross-site scripting	6.1	2.6	2016/04/26	2016/05/25
JVNDB-2016-000053 (JVN#73776243)	EC-CUBE vulnerable to cross-site request forgery	4.3	2.6	2016/04/26	2016/05/31
JVNDB-2016-000052 (JVN#11458774)	EC-CUBE fails to restrict access permissions	5.4	5.5	2016/04/26	2016/05/31
JVNDB-2016-000051 (JVN#47473944)	EC-CUBE fails to restrict access permissions	5.3	5.0	2016/04/26	2016/05/31
JVNDB-2016-000048 (JVN#78482127)	EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" vulnerable to cross-site scripting	6.1	4.3	2016/04/08	2016/05/06
JVNDB-2016-000027 (JVN#31524757)	EC-CUBE plugin "Help plug-in" vulnerable to SQL injection	7.3	7.5	2016/02/19	2016/03/03
JVNDB-2015-000190 (JVN#55545372)	EC-CUBE plugin BbAdminViewsControl vulnerable to SQL injection	5.4	5.5	2015/12/03	2016/07/07
JVNDB-2015-000166 (JVN#97278546)	EC-CUBE vulnerable to cross-site request forgery	-	5.1	2015/10/26	2015/11/13
JVNDB-2014-000006 (JVN#51770585)	EC-CUBE vulnerable to authorization bypass	-	5.0	2014/01/22	2024/03/28
JVNDB-2014-000005 (JVN#17849447)	EC-CUBE vulnerable to information alteration	-	5.0	2014/01/22	2014/01/27
JVNDB-2013-000107 (JVN#06377589)	EC-CUBE vulnerable to cross-site scripting	-	4.3	2013/11/20	2013/11/22
JVNDB-2013-000106 (JVN#55630933)	EC-CUBE information disclosure vulnerability	-	5.5	2013/11/20	2013/11/22
JVNDB-2013-000105 (JVN#38790987)	EC-CUBE vulnerable to cross-site scripting	-	2.6	2013/11/20	2013/11/22
JVNDB-2013-000104 (JVN#61077110)	EC-CUBE vulnerable to information disclosure	-	4.3	2013/11/20	2013/11/22
JVNDB-2013-000098 (JVN#06870202)	EC-CUBE information disclosure vulnerability	-	5.0	2013/11/20	2013/11/22
JVNDB-2013-000097 (JVN#11221613)	EC-CUBE vulnerable to cross-site request forgery	-	2.6	2013/11/20	2013/11/22
JVNDB-2013-000081 (JVN#15973066)	EC-CUBE vulnerable to directory traversal when used in Windows	-	5.0	2013/08/30	2013/09/02
JVNDB-2013-000065 (JVN#04161229)	EC-CUBE vulnerable to directory traversal	-	5.0	2013/06/27	2013/07/02
JVNDB-2013-000064 (JVN#98665228)	EC-CUBE vulnerable to cross-site scripting	-	2.6	2013/06/27	2013/07/02
JVNDB-2013-000063 (JVN#07192063)	EC-CUBE vulnerable to cross-site scripting	-	4.3	2013/06/27	2013/07/02
JVNDB-2013-000062 (JVN#34900750)	EC-CUBE vulnerable to code injection	-	7.5	2013/06/27	2013/07/02
JVNDB-2013-000061 (JVN#43886811)	EC-CUBE vulnerable to directory traversal	-	5.0	2013/06/27	2013/07/02
JVNDB-2013-000044 (JVN#39699406)	EC-CUBE vulnerable to information disclosure as a result of improper input checking	-	5.0	2013/05/23	2013/05/23
JVNDB-2013-000043 (JVN#45306814)	EC-CUBE fails to restrict access permissions	-	6.4	2013/05/23	2013/06/03
JVNDB-2013-000042 (JVN#00985872)	EC-CUBE vulnerable to session fixation	-	4.0	2013/05/23	2013/05/23
JVNDB-2013-000041 (JVN#52552792)	EC-CUBE vulnerable to cross-site scripting	-	4.3	2013/05/23	2013/05/23
JVNDB-2011-000087 (JVN#44496332)	EC-CUBE vulnerable to SQL injection	-	5.0	2011/10/14	2011/10/14
JVNDB-2011-000029 (JVN#37878530)	EC-CUBE vulnerable to cross-site request forgery	-	2.6	2011/05/10	2011/05/11
JVNDB-2011-000011 (JVN#84393059)	EC-CUBE vulnerable to cross-site scripting	-	4.3	2011/02/02	2011/02/02
JVNDB-2009-000078 (JVN#79762947)	EC-CUBE information disclosure vulnerability	-	5.0	2009/12/07	2009/12/07
JVNDB-2008-000075 (JVN#19072922)	EC-CUBE vulnerable to SQL injection	-	7.5	2008/11/06	2009/06/25
JVNDB-2008-000065 (JVN#81111541)	EC-CUBE vulnerable to SQL injection	-	7.5	2008/10/01	2008/10/01
JVNDB-2008-000064 (JVN#99916563)	EC-CUBE cross-site scripting vulnerability	-	4.3	2008/10/01	2008/10/01
JVNDB-2008-000063 (JVN#36085487)	EC-CUBE cross-site scripting vulnerability	-	4.3	2008/10/01	2008/10/01
JVNDB-2008-000062 (JVN#26621646)	EC-CUBE cross-site scripting vulnerability	-	4.3	2008/10/01	2008/10/01
JVNDB-2006-000781 (JVN#61543834)	EC-CUBE cross-site scripting vulnerability	-	4.3	2006/11/17	2008/05/21

Results 1-61 of 61