{"id":"CVE-2023-22438","details":"Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.","modified":"2026-04-10T04:55:22.761619Z","published":"2023-03-06T00:15:10.767Z","references":[{"type":"ADVISORY","url":"https://jvn.jp/en/jp/JVN04785663/"},{"type":"FIX","url":"https://www.ec-cube.net/info/weakness/20230214/index_2.php"},{"type":"FIX","url":"https://www.ec-cube.net/info/weakness/20230214/index_3.php"},{"type":"FIX","url":"https://www.ec-cube.net/info/weakness/20230214/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ec-cube/ec-cube","events":[{"introduced":"1004363cf13cc929c0e077c0ac849a6d3c8c10bb"},{"last_affected":"13dfb352e47c6f231ead5e5b62dc0ec11e354789"},{"introduced":"e2547e2d1775ceacd7c73e1b72d5512efcdb45e7"},{"last_affected":"92fe8f744181641bb8ce0db28b988b089004fbfa"},{"introduced":"4ef1c4f8d51fd9d54a704300a26c65a278dc697a"},{"last_affected":"525aaa9f44407903f5cc20b371a5dd199ddae549"},{"introduced":"00ef39551273847cff9b737f98f120a50d4320cc"},{"last_affected":"c6838851eade4903e90a0d4294f8342f2178e067"},{"introduced":"5d02dde61f824fb9e264d003f59afc4663811567"},{"last_affected":"710b64ce96786770fe59ba8255ff16925171f172"},{"introduced":"0"},{"last_affected":"8d81525bfe50caf159d9a4fb31124f479c6b658e"},{"introduced":"0"},{"last_affected":"70de60feb792923ef751f2876add23f612777fa0"},{"introduced":"0"},{"last_affected":"56786c9bb456ad52fa1f3b16dd9e675cc4a480fa"},{"introduced":"0"},{"last_affected":"0fbb7b3a340c75f2860123d5e01d706f8a15127b"}],"database_specific":{"versions":[{"introduced":"2.11.0"},{"last_affected":"2.11.5"},{"introduced":"2.12.0"},{"last_affected":"2.12.6"},{"introduced":"3.0.0"},{"last_affected":"3.0.18"},{"introduced":"4.0.0"},{"last_affected":"4.0.6"},{"introduced":"4.1.0"},{"last_affected":"4.1.2"},{"introduced":"0"},{"last_affected":"4.0.6-p1"},{"introduced":"0"},{"last_affected":"4.0.6-p2"},{"introduced":"0"},{"last_affected":"4.1.2-p1"},{"introduced":"0"},{"last_affected":"4.2.0"}]}},{"type":"GIT","repo":"https://github.com/ec-cube/ec-cube2","events":[{"introduced":"9d428d236baa44358f56a38b3ba336222535f7fd"},{"last_affected":"25e9c8c90ed17ce6857b78570e403bfa11095941"},{"introduced":"0f4bf44ed1980ed45b18fc4dfa1543f51c57c48e"},{"last_affected":"eb43f49065a0e5f6c5367a5d2ae5fd994a5e3bb5"}],"database_specific":{"versions":[{"introduced":"2.13.0"},{"last_affected":"2.13.5"},{"introduced":"2.17.0"},{"last_affected":"2.17.2"}]}},{"type":"GIT","repo":"https://github.com/ec-cube/ec-cube3","events":[{"introduced":"0"},{"last_affected":"14cd0cf79cec92be106bccb26eb3b84146b75876"},{"introduced":"0"},{"last_affected":"c0cbef490ebc9e9a9b1c54bf13c8296d17862d4d"},{"introduced":"0"},{"last_affected":"20465ad72bdb3e9342c903846c86c7a70805e58c"},{"introduced":"0"},{"last_affected":"8359822a04ce1db587adfcec4bbabdfb147b0493"},{"introduced":"0"},{"last_affected":"9aeaab66eba8c15c60e29cbb8f61317388c86c59"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.0.18-p1"},{"introduced":"0"},{"last_affected":"3.0.18-p2"},{"introduced":"0"},{"last_affected":"3.0.18-p3"},{"introduced":"0"},{"last_affected":"3.0.18-p4"},{"introduced":"0"},{"last_affected":"3.0.18-p5"}]}}],"versions":["3.0.0","3.0.0-beta0","3.0.0-beta1","3.0.0-beta2","3.0.0-beta3","3.0.0-beta4","3.0.1","3.0.10","3.0.11","3.0.11-RC","3.0.11-pre","3.0.12","3.0.12-p1","3.0.13","3.0.14","3.0.15","3.0.16","3.0.17","3.0.18","3.0.18-p1","3.0.18-p2","3.0.18-p3","3.0.18-p4","3.0.18-p5","3.0.2","3.0.3","3.0.5","3.0.6","3.0.7","3.0.8","3.0.9","4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.5-p1","4.0.5-rc","4.0.6","4.0.6-p1","4.0.6-p2","4.1.0","4.1.1","4.1.1-20211130","4.1.2","4.1.2-20220128","4.1.2-20220203","4.1.2-p1","4.2.0","4.2.0-alpha","4.2.0-beta","4.2.0-beta-20220630","4.2.0-beta-20220722","4.2.0-beta-20220802","4.2.0-beta2","4.2.0-beta2-20220810","4.2.0-beta2-20220824","4.2.0-beta2-20220825","4.2.0-beta2-20220826","4.2.0-beta2-20220829","4.2.0-beta2-20220905","4.2.0-beta2-20220916","4.2.0-rc","co/20190306","co/20190313","co/20190404","co/20190417","co/20190508","co/20190613","co/20190710","co/20190718","co/20190808","co/20190822","co/20190829","co/20190905","co/20190912","co/20190930","co/20191017","co/20191031","co/20191114","co/20191128","co/20191212","co/4.1-20211111","co/4.1-20211118","co/4.1-20211125","co/4.1-20211202","co/4.1-20220210","co/4.1-20220217","co/4.1-20220421","co/4.1-20220512","co/4.1-20220526","eccube-2.11.5","eccube-2.12.6en","eccube-2.17.0","eccube-2.17.1","eccube-2.17.1-RC","eccube-2.17.2","eccube-3.0.0-alpha","eccube2-weekly-20201110","eccube2-weekly-20201117","eccube2-weekly-20201124","eccube2-weekly-20201201","eccube2-weekly-20201208","eccube2-weekly-20201215","eccube2-weekly-20201222","eccube2-weekly-20201229","eccube2-weekly-20210105","eccube2-weekly-20210112","eccube2-weekly-20210119","eccube2-weekly-20210126","eccube2-weekly-20210202","eccube2-weekly-20210209","eccube2-weekly-20210216","eccube2-weekly-20210223","eccube2-weekly-20210302","eccube2-weekly-20210309","eccube2-weekly-20210316","eccube2-weekly-20210323","eccube2-weekly-20210330","eccube2-weekly-20210406","eccube2-weekly-20210413","eccube2-weekly-20210420","eccube2-weekly-20210427","eccube2-weekly-20210504","eccube2-weekly-20210511","eccube2-weekly-20210525","eccube2-weekly-20210601","eccube2-weekly-20210608","eccube2-weekly-20210615","eccube2-weekly-20210622","eccube2-weekly-20210629","eccube2-weekly-20210706","eccube2-weekly-20210713","eccube2-weekly-20210720","eccube2-weekly-20210727","eccube2-weekly-20210803","eccube2-weekly-20210817","eccube2-weekly-20210824","eccube2-weekly-20210831","eccube2-weekly-20210907","eccube2-weekly-20210914","eccube2-weekly-20210921","eccube2-weekly-20210928","eccube2-weekly-20211005","eccube2-weekly-20211012","eccube2-weekly-20211019","eccube2-weekly-20211026","eccube2-weekly-20211102","eccube2-weekly-20211109"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22438.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}