Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| ec-cube/ec-cube(Packagist) | 0 | 2.4.4 | N/A |
CVSS Metrics
