EC-CUBE Plugin freearea_addition_plugins XSS Vulnerability (CVE-2016-1205)

Below is the key vulnerability information extracted from the web screenshot: Vulnerability ID: JVNDB-2016-000057 Risk Description: Multiple freearea_addition_plugins provided by shiro8 Co., Ltd. for EC-CUBE are vulnerable to Cross-Site Scripting (XSS) attacks (CWE-79). CVSS Score: - CVSS V3.1 Base Metrics: 6.1 (Medium) [IPA] - Attack Vector: Network - Attack Complexity: Low - Required Privileges: None - User Interaction: Required - Scope: Changed - Confidentiality: Low - Integrity: Low - Availability: None - CVSS V2 Base Metrics: 2.6 (Low) [IPA] - Access Vector: Network - Access Complexity: High - Authentication: None - Confidentiality: None - Integrity: Partial - Availability: None Affected Products: - shiro8.net - version 1.0 - version 1.0 Impact: Arbitrary scripts can be executed in the browser of logged-in users. Solution: - [Update Software] - Update to the latest version as provided by the vendor. Vendor Information: shiro8.net CVE/CWE Information: - CWE: 79 - Cross-Site Scripting (XSS) - CVE: CVE-2016-1205 References: - JVN: JVN#63384827 - National Vulnerability Database (NVD): CVE-2016-1205 Update History: - [2016/04/26] - Webpage published - [2016/05/25] - References: Content added Release Date: 2016/04/26 Initial Release Date: 2016/04/26 Last Updated Date: 2016/05/25

Goal Reached Thanks to every supporter — we hit 100%!

EC-CUBE Plugin freearea_addition_plugins XSS Vulnerability (CVE-2016-1205)