EUVD-2021-8240

Malicious code in bioql PyPI...

CVE-2021-20828

Cross-site scripting vulnerability in Order Status Batch Change Plug-in for EC-CUBE 3.0 series all versions allows a remote attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-20828

Cross-site scripting vulnerability in Order Status Batch Change Plug-in for EC-CUBE 3.0 series all versions allows a remote attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-20828

Cross-site scripting vulnerability in Order Status Batch Change Plug-in for EC-CUBE 3.0 series all versions allows a remote attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-20825

Cross-site scripting vulnerability in List order management item change plug-in for EC-CUBE 3.0 series Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-20825

Cross-site scripting vulnerability in List order management item change plug-in for EC-CUBE 3.0 series Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...

Cross site scripting

Cross-site scripting vulnerability in List order management item change plug-in for EC-CUBE 3.0 series Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...

Cross site scripting

Cross-site scripting vulnerability in Order Status Batch Change Plug-in for EC-CUBE 3.0 series all versions allows a remote attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-20828

The CVE-2021-20828 entry concerns the EC-CUBE 3.0 series plugin “Order Status Batch Change Plug-in” by ActiveFusions. The vulnerability is a cross-site scripting (CWE-79) flaw caused by insufficient validation of client-side data, allowing a remote attacker to inject arbitrary script via unspecif...

CVE-2021-20825

CVE-2021-20825 affects the EC-CUBE List (order management) item change plug-in for the 3.0 series, specifically Ver.1.1 and earlier. The vulnerability is a cross-site scripting (CWE-79) flaw in the plugin, enabling an arbitrary script to be executed in the administrator’s browser via unspecified ...

CVE-2021-20825

Cross-site scripting vulnerability in List order management item change plug-in for EC-CUBE 3.0 series Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...

JVN#46313661: EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting

EC-CUBE plugin "List order management item change plug-in" provided by shiro8 Co., Ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the administrative page of the product. Solution Update the plug...

CVE-2021-20742

Cross-site scripting vulnerability in EC-CUBE Business form output plugin for EC-CUBE 3.0 series versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector...