Moderate severityNVD Advisory· Published Jun 28, 2021· Updated Aug 3, 2024

CVE-2021-20751

Description

Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
ec-cube/ec-cubePackagist	>= 4.0.0, < 4.0.6	4.0.6

Affected products

ghsa-coords
pkg:composer/ec-cube/ec-cube
Range: >= 4.0.0, < 4.0.6
Ec Cube Co.,ltd./Ec Cubecpe-rescue
Range: EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series)

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-r6qq-qc9m-98w2ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-20751ghsaADVISORY
jvn.jp/en/jp/JVN95292458/index.htmlghsax_refsource_MISCWEB
www.ec-cube.net/info/weakness/weakness.phpghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000