CVE-2023-40281

Name of the Vulnerable Software and Affected Versions EC-CUBE versions 2.11.0 through 2.17.2-p1

Description The issue concerns a cross-site scripting vulnerability in the "mail/template" and "products/product" sections of the Management page. If exploited, this could lead to the execution of an arbitrary script on the web browser of another administrator or a user who accessed the website using the product.

Recommendations For versions 2.11.0 through 2.17.2-p1, consider disabling access to the "mail/template" and "products/product" sections of the Management page until a patch is available. Restricting the use of these vulnerable components can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.