EC-CUBE plugin (for EC-CUBE 4 series) "EC-CUBE Web API Plugin" provided by EC-CUBE CO.,LTD. contains a stored cross-site scripting vulnerability (CWE-79) in OAuth Management feature. ## Impact When there are multiple users using OAuth Management feature and one of them inputs some crafted value on the OAuth Management page, an arbitrary script may be executed on the web browser of the other user who accessed the management page. ## Solution Update the plugin Update the plugin to the latest version according to the information provided by the developer. ## Products Affected "EC-CUBE Web API Plugin" 1.0.0 and 2.1.0 to 2.1.3 (for EC-CUBE 4.0/4.1 series) "EC-CUBE Web API Plugin (4.2 series)" 4.2.0 to 4.2.3 (for EC-CUBE 4.2…Read More