脆弱性

-------------------------------------------------------------------
■脆弱性の種類
-------------------------------------------------------------------
クロスサイトスクリプティング及び、セッション情報漏えいの脆弱性

-------------------------------------------------------------------
■不具合が存在するEC-CUBEのバージョン
-------------------------------------------------------------------
EC-CUBE　2.11.0 以降
	 2.11.0
	 2.11.1
	 2.11.2
	 2.11.3
	 2.11.4
	 2.11.5
	 2.12.0
	 2.12.1
	 2.12.2
	 2.12.3
	 2.12.3en.p1
	 2.12.3en.p2
	 2.12.4
	 2.12.4en
	 2.12.5
	 2.12.5en
	 2.12.6
	 2.12.6en
	 2.13.0
	 
-------------------------------------------------------------------
■修正方法について
-------------------------------------------------------------------

/data/Smarty/templates/default/shopping/payment.tpl
/data/Smarty/templates/mobile/shopping/payment.tpl
/data/Smarty/templates/sphone/shopping/payment.tpl
に以下の変更を加えます。

▽default/shopping/payment.tpl
134行目付近
-------------------------------------------------------------------
 変更前
-------------------------------------------------------------------
<input type="hidden" name="<!--{$key}-->" value="<!--{$arrForm[$key].value}-->" id="deliv_id" />
-------------------------------------------------------------------

-------------------------------------------------------------------
 変更後
-------------------------------------------------------------------
<input type="hidden" name="<!--{$key}-->" value="<!--{$arrForm[$key].value|h}-->" id="deliv_id" />
-------------------------------------------------------------------

▽mobile/shopping/payment.tpl
31行目付近
-------------------------------------------------------------------
 変更前
-------------------------------------------------------------------
<input type="hidden" name="<!--{$key}-->" value="<!--{$arrForm[$key].value}-->">
-------------------------------------------------------------------

-------------------------------------------------------------------
 変更後
-------------------------------------------------------------------
<input type="hidden" name="<!--{$key}-->" value="<!--{$arrForm[$key].value|h}-->">
-------------------------------------------------------------------

▽sphone/shopping/payment.tpl
133行目付近
-------------------------------------------------------------------
 変更前
-------------------------------------------------------------------
<input type="hidden" name="<!--{$key}-->" value="<!--{$arrForm[$key].value}-->" id="deliv_id" />
-------------------------------------------------------------------

-------------------------------------------------------------------
 変更後
-------------------------------------------------------------------
<input type="hidden" name="<!--{$key}-->" value="<!--{$arrForm[$key].value|h}-->" id="deliv_id" />

=================================================================================================================

下記のリビジョンで修正
http://svn.ec-cube.net/open_trac/changeset/23275