Cross-Site Scripting Vulnerability in EC-CUBE Category Contents Plugin by EC-CUBE
CVE-2021-20744

6.1MEDIUM

Key Information:

Vendor: Ec-cube Co.,ltd.
Status: Ec-cube Category Contents Plugin (for Ec-cube 3.0 Series)
Vendor: CVE Published:; 22 June 2021

🔔 Create Ec-cube Co.,ltd. Vulnerability Alert

What is CVE-2021-20744?

The EC-CUBE Category contents plugin for the EC-CUBE 3.0 series contains a cross-site scripting vulnerability that allows remote attackers to inject arbitrary scripts by tricking an administrator or user into visiting a maliciously crafted page. This issue affects versions prior to 1.0.1 and highlights the necessity for users to ensure their software is updated to mitigate potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

EC-CUBE Category contents plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1

References

https://jvn.jp/en/jp/JVN57524494/index.html

x_refsource_MISC

https://www.ec-cube.net/products/detail.php?product_id=1070

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 22, 2021
Vulnerability Reserved
Dec 17, 2020

JSON

Ec-cube Co.,ltd.