EC-CUBE Improper Restriction of Rendered UI Layers or Frames

2022-05-2417:35:20

Google

osv.dev

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.3%

JSON

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.

CPENameOperatorVersion
ec-cube/ec-cubeeq3.0.1
ec-cube/ec-cubeeq3.0.13
ec-cube/ec-cubeeq3.0.0
ec-cube/ec-cubeeq3.0.11-RC
ec-cube/ec-cubeeq3.0.2
ec-cube/ec-cubeeq3.0.18
ec-cube/ec-cubeeq3.0.4
ec-cube/ec-cubeeq3.0.7
ec-cube/ec-cubeeq3.0.15
ec-cube/ec-cubeeq3.0.12

Name	Operator	Version
ec-cube/ec-cube	eq	3.0.1
ec-cube/ec-cube	eq	3.0.13
ec-cube/ec-cube	eq	3.0.0
ec-cube/ec-cube	eq	3.0.11-RC
ec-cube/ec-cube	eq	3.0.2
ec-cube/ec-cube	eq	3.0.18
ec-cube/ec-cube	eq	3.0.4
ec-cube/ec-cube	eq	3.0.7
ec-cube/ec-cube	eq	3.0.15
ec-cube/ec-cube	eq	3.0.12