CVE-2011-0451

Lockon Ec-cube < 2.4.3 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (7)

Scores

EPSS 0.0041
EPSS Percentile 60.8%

Classification

CWE
CWE-79
Status published

Affected Products (44)

lockon/ec-cube < 2.4.3
lockon/ec-cube
lockon/ec-cube
lockon/ec-cube
lockon/ec-cube
lockon/ec-cube
lockon/ec-cube
lockon/ec-cube
lockon/ec-cube
lockon/ec-cube
lockon/ec-cube
lockon/ec-cube
lockon/ec-cube
lockon/ec-cube
lockon/ec-cube
... and 29 more

Timeline

Published Feb 03, 2011
Tracked Since Feb 18, 2026