Cross-Site Scripting Vulnerability in EC-CUBE Category Contents Plugin by EC-CUBE
CVE-2021-20744
6.1MEDIUM
What is CVE-2021-20744?
The EC-CUBE Category contents plugin for the EC-CUBE 3.0 series contains a cross-site scripting vulnerability that allows remote attackers to inject arbitrary scripts by tricking an administrator or user into visiting a maliciously crafted page. This issue affects versions prior to 1.0.1 and highlights the necessity for users to ensure their software is updated to mitigate potential exploits.
Affected Version(s)
EC-CUBE Category contents plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1