Lucene search
GoogleOSV:GHSA-C8MX-43CQ-993WHistoryMay 24, 2022 - 7:01 p.m.
EC-CUBE Cross-site scripting vulnerability
2022-05-2419:01:56
Google
osv.dev
3
Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator’s web browser.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ec-cube/ec-cube | eq | 4.0.5 | |
| ec-cube/ec-cube | eq | 4.0.5-rc | |
| ec-cube/ec-cube | eq | 4.0.1 | |
| ec-cube/ec-cube | eq | 4.0.0 | |
| ec-cube/ec-cube | eq | 4.0.3 | |
| ec-cube/ec-cube | eq | 4.0.4 | |
| ec-cube/ec-cube | eq | 4.0.2 |
Related
cvelist
cvelist
CVE-2021-20717
2021-05-10 09:10:14
prion
prion
Cross site scripting
2021-05-10 10:15:00
github
github
EC-CUBE Cross-site scripting vulnerability
2022-05-24 19:01:56
jvn
jvn
JVN#97554111: EC-CUBE vulnerable to cross-site scripting
2021-05-10 00:00:00
cve
cve
CVE-2021-20717
2021-05-10 10:15:07
nvd
nvd
CVE-2021-20717
2021-05-10 10:15:07
osv
osv
CVE-2021-20717
2021-05-10 10:15:07
githubexploit
githubexploit
Exploit for Cross-site Scripting in Ec-Cube
2021-05-29 08:08:21