Cross-Site Scripting Vulnerability in EC-CUBE Web API Plugin
CVE-2024-41141

Currently unrated

Key Information:

Vendor

Ec-cube Co.,ltd.

Status
Ec-cube Web Api Plugin
Ec-cube Web Api Plugin (4.2 Series)
Vendor
CVE Published:
30 July 2024

What is CVE-2024-41141?

Stored cross-site scripting vulnerability exists in EC-CUBE Web API Plugin. When there are multiple users using OAuth Management feature and one of them inputs some crafted value on the OAuth Management page, an arbitrary script may be executed on the web browser of the other user who accessed the management page.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

EC-CUBE Web API Plugin 1.0.0 and 2.1.0 to 2.1.3 (for EC-CUBE 4.0/4.1 series)

EC-CUBE Web API Plugin (4.2 series) 4.2.0 to 4.2.3 (for EC-CUBE 4.2 series)

References

https://www.ec-cube.net/info/weakness/20240701/web_api_pl...
https://jvn.jp/en/jp/JVN26225832/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.