CVE-2024-41141
July 30, 2024, 1:32 p.m.
Tags
Product(s) Impacted
EC-CUBE Web API Plugin
Description
Stored cross-site scripting vulnerability exists in EC-CUBE Web API Plugin. When there are multiple users using OAuth Management feature and one of them inputs some crafted value on the OAuth Management page, an arbitrary script may be executed on the web browser of the other user who accessed the management page.
Weaknesses
Date
Published: July 30, 2024, 9:15 a.m.
Last Modified: July 30, 2024, 1:32 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
vultures@jpcert.or.jp