CVE-2021-20735

Description

Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE.

References

https://www.ec-cube.net/release/detail.php?release_id=5089

https://www.ec-cube.net/release/detail.php?release_id=5088

https://www.ec-cube.net/release/detail.php?release_id=5087

https://jvn.jp/en/jp/JVN79254445/index.html

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3

EPSS