CVE-2013-2314

Name of the Vulnerable Software and Affected Versions LOCKON EC-CUBE versions 2.11.0 through 2.12.3enP2

Description A cross-site scripting (XSS) issue exists in the adminAuthorization function, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL associated with the management screen. This is related to the adminAuthorization function in SC Helper Session.php.

Recommendations For versions 2.11.0 through 2.12.3enP2, as a temporary workaround, consider restricting access to the management screen until a patch is available. Avoid using crafted URLs that could exploit the XSS issue in the adminAuthorization function.