Cross-Site Scripting Vulnerability in EC-CUBE by EC-CUBE Team
CVE-2021-20751

6.1MEDIUM

Key Information:

Vendor: Ec-cube Co.,ltd.
Status: Ec-cube
Vendor: CVE Published:; 28 June 2021

🔔 Create Ec-cube Co.,ltd. Vulnerability Alert

What is CVE-2021-20751?

A cross-site scripting vulnerability exists in EC-CUBE versions 4.0.0 to 4.0.5-p1, enabling remote attackers to inject arbitrary scripts. This vulnerability occurs when an attacker tricks an administrator or user into visiting a specially crafted webpage, facilitating unauthorized script execution and potential exploitation of user sessions or sensitive data.

Affected Version(s)

EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series)

References

https://www.ec-cube.net/info/weakness/weakness.php?id=78

x_refsource_MISC

https://jvn.jp/en/jp/JVN95292458/index.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2021
Vulnerability Reserved
Dec 17, 2020