Moderate severityNVD Advisory· Published May 10, 2021· Updated Aug 3, 2024
CVE-2021-20717
CVE-2021-20717
Description
Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ec-cube/ec-cubePackagist | >= 4.0.0, <= 4.0.5 | — |
Affected products
2- Range: 4.0.0 to 4.0.5
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-c8mx-43cq-993wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-20717ghsaADVISORY
- jvn.jp/en/jp/JVN97554111/index.htmlghsax_refsource_MISCWEB
- www.ec-cube.net/news/detail.phpghsax_refsource_MISCWEB
- www.ec-cube.net/news/detail.phpghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.