关键信息 漏洞编号: JVN#26621646 漏洞类型: Cross-site scripting vulnerability 发布日期: 2008/10/01 受影响产品: - EC-CUBE Ver1 Version 1.4.6 and earlier - EC-CUBE Ver1 Beta Version 1.5.0-beta and earlier - EC-CUBE Ver2 Version 2.1.2a and earlier - EC-CUBE Ver2 Beta(RC) Version 2.1.1-beta and earlier - EC-CUBE Community Edition 1.3.4 and earlier - EC-CUBE Community Edition Nightly-Build r17336 and earlier 影响: - An arbitrary script could be executed on the user’s web browser. 解决方案: - Update the software by applying the latest updates provided by the vendor. 厂商状态: - Vendor: LOCKON CO., LTD. - Status: Vulnerable 漏洞分析 (JPCERT/CC): - Access Required: High - can be attacked over the Internet using packets - Authentication: High - anonymous authentication allowed - User Interaction Required: Medium - user must be convinced to take action - Exploit Complexity: High - simple script execution CVE ID: CVE-2008-4537 JVNDB ID: JVNDB-2008-000062