CVE-2021-20828
The CVE-2021-20828 entry concerns the EC-CUBE 3.0 series plugin “Order Status Batch Change Plug-in” by ActiveFusions. The vulnerability is a cross-site scripting (CWE-79) flaw caused by insufficient validation of client-side data, allowing a remote attacker to inject arbitrary script via unspecif...