Moderate severityNVD Advisory· Published Jun 28, 2021· Updated Aug 3, 2024
CVE-2021-20750
CVE-2021-20750
Description
Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ec-cube/ec-cubePackagist | >= 3.0.0, <= 3.0.18-p2 | — |
ec-cube/ec-cubePackagist | >= 4.0.0, < 4.0.6 | 4.0.6 |
Affected products
2- Range: EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series)
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-vrpv-26fm-7vf7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-20750ghsaADVISORY
- jvn.jp/en/jp/JVN95292458/index.htmlghsax_refsource_MISCWEB
- www.ec-cube.net/info/weakness/weakness.phpghsax_refsource_MISCWEB
- www.ec-cube.net/info/weakness/weakness.phpghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.