Moderate severityNVD Advisory· Published Dec 3, 2020· Updated Aug 4, 2024
CVE-2020-5679
CVE-2020-5679
Description
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ec-cube/ec-cubePackagist | >= 3.0.0, <= 3.0.18 | — |
Affected products
2- Range: versions from 3.0.0 to 3.0.18
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-rwh8-h525-4jvjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-5679ghsaADVISORY
- jvn.jp/en/jp/JVN24457594/index.htmlghsax_refsource_MISCWEB
- www.ec-cube.net/info/weaknessghsaWEB
- www.ec-cube.net/info/weakness/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.