CVE-2013-3653

Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652.

Date published : 2013-06-29

http://svn.ec-cube.net/open_trac/changeset/22861

http://www.ec-cube.net/info/weakness/20130626/index.php