2 matches found
CVE-2021-20751
EC-CUBE 4.x (4.0.0 to 4.0.5-p1) contains a cross-site scripting vulnerability that allows a remote attacker to inject arbitrary scripts by luring an administrator or user to a crafted page and prompting a specific operation. The issue affects EC-CUBE 4 series and is documented under CVE-2021-2075...
JVN#95292458: Multiple cross-site scripting vulnerabilities in EC-CUBE
EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20750 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...