Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote attacker to inject an arbitrary script via unspecified vectors.
|https://www.activefusions.com/news/2021/20210915.html||Third Party Advisory|
|https://jvn.jp/en/jp/JVN23406150/index.html||Third Party Advisory|
Configuration 1 (hide)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')