{"id":"CVE-2023-25077","details":"Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.","modified":"2026-04-12T07:26:05.310579Z","published":"2023-03-06T00:15:10.900Z","references":[{"type":"ADVISORY","url":"https://jvn.jp/en/jp/JVN04785663/"},{"type":"FIX","url":"https://www.ec-cube.net/info/weakness/20230214/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ec-cube/ec-cube","events":[{"introduced":"00ef39551273847cff9b737f98f120a50d4320cc"},{"last_affected":"c6838851eade4903e90a0d4294f8342f2178e067"},{"introduced":"5d02dde61f824fb9e264d003f59afc4663811567"},{"last_affected":"710b64ce96786770fe59ba8255ff16925171f172"},{"introduced":"0"},{"last_affected":"8d81525bfe50caf159d9a4fb31124f479c6b658e"},{"last_affected":"70de60feb792923ef751f2876add23f612777fa0"},{"last_affected":"56786c9bb456ad52fa1f3b16dd9e675cc4a480fa"},{"last_affected":"0fbb7b3a340c75f2860123d5e01d706f8a15127b"}],"database_specific":{"cpe":["cpe:2.3:a:ec-cube:ec-cube:*:*:*:*:*:*:*:*","cpe:2.3:a:ec-cube:ec-cube:4.0.6:p1:*:*:*:*:*:*","cpe:2.3:a:ec-cube:ec-cube:4.0.6:p2:*:*:*:*:*:*","cpe:2.3:a:ec-cube:ec-cube:4.1.2:p1:*:*:*:*:*:*","cpe:2.3:a:ec-cube:ec-cube:4.2.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"4.0.0"},{"last_affected":"4.0.6"},{"introduced":"4.1.0"},{"last_affected":"4.1.2"},{"introduced":"0"},{"last_affected":"4.0.6-p1"},{"last_affected":"4.0.6-p2"},{"last_affected":"4.1.2-p1"},{"last_affected":"4.2.0"}],"source":"CPE_FIELD"}}],"versions":["4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.5-p1","4.0.5-rc","4.0.6","4.0.6-p1","4.0.6-p2","4.1.0","4.1.1","4.1.1-20211130","4.1.2","4.1.2-20220128","4.1.2-20220203","4.1.2-p1","4.2.0","4.2.0-alpha","4.2.0-beta","4.2.0-beta-20220630","4.2.0-beta-20220722","4.2.0-beta-20220802","4.2.0-beta2","4.2.0-beta2-20220810","4.2.0-beta2-20220824","4.2.0-beta2-20220825","4.2.0-beta2-20220826","4.2.0-beta2-20220829","4.2.0-beta2-20220905","4.2.0-beta2-20220916","4.2.0-rc","co/20190306","co/20190313","co/20190404","co/20190417","co/20190508","co/20190613","co/20190710","co/20190718","co/20190808","co/20190822","co/20190829","co/20190905","co/20190912","co/20190930","co/20191017","co/20191031","co/20191114","co/20191128","co/20191212","co/4.1-20211111","co/4.1-20211118","co/4.1-20211125","co/4.1-20211202","co/4.1-20220210","co/4.1-20220217","co/4.1-20220421","co/4.1-20220512","co/4.1-20220526"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25077.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}