Lucene search
JpcertCVELIST:CVE-2021-20735HistoryJun 22, 2021 - 1:35 a.m.
CVE-2021-20735
2021-06-2201:35:48
jpcert
www.cve.org
5
cross-site scripting
etuna ec-cube
remote attackers
arbitrary script
management page
EPSS
0.002
Percentile
54.5%
Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE.
CNA Affected
[
{
"product": "ETUNA EC-CUBE plugins",
"vendor": "ETUNA",
"versions": [
{
"status": "affected",
"version": "Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier"
}
]
}
]Related
prion
prion
Cross site scripting
2021-06-22 02:15:00
jvn
jvn
cve
cve
CVE-2021-20735
2021-06-22 02:15:07
nvd
nvd
CVE-2021-20735
2021-06-22 02:15:07