Browse all 26 CVE security advisories affecting EC-CUBE CO.,LTD. AI-powered Chinese analysis, PoCs, and references are provided for each vulnerability.
EC-CUBE CO.,LTD. develops an open-source e-commerce platform primarily used by small to medium-sized businesses in Japan to manage online stores. The software’s architecture, built on PHP and Symfony components, has historically exposed users to critical security flaws. Recent vulnerability records indicate a prevalence of Remote Code Execution (RCE) and Cross-Site Scripting (XSS) issues, often stemming from insufficient input validation and improper session management. Additionally, several instances of broken access control and privilege escalation have been documented, allowing unauthorized users to manipulate administrative functions or access sensitive customer data. These recurring defects highlight challenges in maintaining rigorous code review standards across frequent updates. While the company provides patches, the high volume of Common Vulnerabilities and Exposures (CVEs) suggests systemic weaknesses in the application’s security lifecycle, requiring administrators to prioritize immediate updates and strict configuration hardening to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-30777 | EC-CUBE security vulnerability — EC-CUBE 4.1 series (CWE-288) | 7.2 | - | 2026-03-05 |
| CVE-2024-41924 | EC-CUBE security vulnerability — EC-CUBE 4 series | 7.2 (AI) | High (AI) | 2024-07-30 |
| CVE-2024-41141 | EC-CUBE Web API Plugin security vulnerability — EC-CUBE Web API Plugin | 5.4 (AI) | Medium (AI) | 2024-07-30 |
| CVE-2023-46845 | EC-CUBE security vulnerability — EC-CUBE 4 series | 7.2 | - | 2023-11-07 |
| CVE-2023-40281 | EC-CUBE cross-site scripting vulnerability — EC-CUBE 2 series | 4.8 | - | 2023-08-17 |
| CVE-2023-25077 | EC-CUBE cross-site scripting vulnerability — EC-CUBE 4 series | 5.4 | - | 2023-03-05 |
| CVE-2023-22838 | EC-CUBE cross-site scripting vulnerability — EC-CUBE 4 series | 5.4 | - | 2023-03-05 |
| CVE-2023-22438 | EC-CUBE cross-site scripting vulnerability — EC-CUBE 4 series, EC-CUBE 3 series, and EC-CUBE 2 series | 5.4 | - | 2023-03-05 |
| CVE-2022-40199 | EC-CUBE path traversal vulnerability — EC-CUBE 3 series and EC-CUBE 4 series | 2.7 | - | 2022-09-27 |
| CVE-2022-38975 | EC-CUBE cross-site scripting vulnerability — EC-CUBE 4 series | 4.8 | - | 2022-09-27 |
| CVE-2022-37346 | EC-CUBE code issue vulnerability — Product Image Bulk Upload Plugin | 9.8 | - | 2022-09-27 |
| CVE-2022-25355 | EC-CUBE security vulnerability — EC-CUBE 3 series and EC-CUBE 4 series | 5.3 | - | 2022-02-24 |
| CVE-2022-21179 | EC-CUBE cross-site request forgery vulnerability — EC-CUBE plugin 'Mail Magazine Management Plugin' | 7.1 | - | 2022-02-24 |
| CVE-2021-20842 | EC-CUBE cross-site request forgery vulnerability — EC-CUBE 2 series | 8.1 | - | 2021-11-24 |
| CVE-2021-20841 | EC-CUBE security vulnerability — EC-CUBE 2 series | 6.5 | - | 2021-11-24 |
| CVE-2021-20778 | EC-CUBE access control error vulnerability — EC-CUBE | 5.3 | - | 2021-07-01 |
| CVE-2021-20751 | EC-CUBE cross-site scripting vulnerability — EC-CUBE | 6.1 | - | 2021-06-28 |
| CVE-2021-20750 | EC-CUBE cross-site scripting vulnerability — EC-CUBE | 6.1 | - | 2021-06-28 |
| CVE-2021-20744 | EC-CUBE cross-site scripting vulnerability — EC-CUBE Category contents plugin (for EC-CUBE 3.0 series) | 6.1 | - | 2021-06-22 |
| CVE-2021-20743 | EC-CUBE cross-site scripting vulnerability — EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 series) | 6.1 | - | 2021-06-22 |
| CVE-2021-20742 | EC-CUBE cross-site scripting vulnerability — EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) | 6.1 | - | 2021-06-22 |
| CVE-2021-20717 | EC-CUBE cross-site scripting vulnerability — EC-CUBE | 6.1 | - | 2021-05-10 |
| CVE-2020-5680 | EC-CUBE input validation error vulnerability — EC-CUBE | 7.5 | - | 2020-12-03 |
| CVE-2020-5679 | EC-CUBE security vulnerability — EC-CUBE | 6.1 | - | 2020-12-03 |
| CVE-2020-5590 | EC-CUBE path traversal vulnerability — EC-CUBE | 8.1 | - | 2020-06-19 |
| CVE-2014-0808 | LOCKON EC-CUBE 'lfCheckError' function security vulnerability — EC-CUBE | 5.3 | - | 2014-01-22 |
This page lists every published CVE security advisory associated with EC-CUBE CO.,LTD. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.