CVE-2024-41141

Published: Jul 30, 2024

Modified: Nov 6, 2024

PUBLISHED

Description

Stored cross-site scripting vulnerability exists in EC-CUBE Web API Plugin. When there are multiple users using OAuth Management feature and one of them inputs some crafted value on the OAuth Management page, an arbitrary script may be executed on the web browser of the other user who accessed the management page.

Vendor	Product	Versions
EC-CUBE CO.,LTD.	EC-CUBE Web API Plugin	affected `1.0.0 and 2.1.0 to 2.1.3 (for EC-CUBE 4.0/4.1 series)`
EC-CUBE CO.,LTD.	EC-CUBE Web API Plugin (4.2 series)	affected `4.2.0 to 4.2.3 (for EC-CUBE 4.2 series)`

References

https://www.ec-cube.net/info/weakness/20240701/web_api_plugin.php

https://jvn.jp/en/jp/JVN26225832/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-41141

Description

Affected Products

References