Medium severity4.8NVD Advisory· Published Sep 7, 2018· Updated Jun 17, 2026
CVE-2018-0657
CVE-2018-0657
Description
Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier) allow an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=3.5.23 (2.12) / <=2.3.17 (2.11)
- Range: <=3.5.23 (2.12) / <=2.3.17 (2.11)
- Gmo Payment Gateway, Inc./Ec Cube Payment Module And Gmo Pg Payment Module (pg Multi Payment Service) For Ec Cubev5Range: (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier)
Patches
Vulnerability mechanics
References
1- jvn.jp/en/jp/JVN06372244/index.htmlnvdThird Party Advisory
News mentions
0No linked articles in our index yet.