4 matches found
CVE-2020-5679
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted...
CVE-2020-5679
EC-CUBE ABClass: CVE-2020-5679 describes an improper restriction of rendered UI layers or frames in EC-CUBE 3.0.0–3.0.18, enabling clickjacking when an admin session is active. The issue arises from rendering UI layers/frames without adequate containment, potentially causing unintended actions by...
CVE-2020-5679
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted...
JVN#24457594: Multiple vulnerabilities in EC-CUBE
EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Clickjacking attacks CWE-1021 - CVE-2020-5679 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6 Imprope...