Cross-Site Scripting (XSS) Vulnerabilities in LOCKON EC-CUBE's RecommendSearch Feature

Cross-Site Scripting (XSS) Vulnerabilities in LOCKON EC-CUBE's RecommendSearch Feature

CVE-2013-3653 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652.

Learn more about our Web App Pen Testing.