CVE-2021-20734: XSS
First published: Tue Jun 22 2021(Updated: )
Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Collne Welcart | =1.5.2 | |
| Welcart Plugin | =1.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this cross-site scripting vulnerability?
The vulnerability ID for this cross-site scripting vulnerability is CVE-2021-20734.
What is the severity level of CVE-2021-20734?
The severity level of CVE-2021-20734 is medium (6.1).
Which software versions are affected by this vulnerability?
Welcart e-Commerce versions prior to 2.2.4 are affected by this vulnerability.
How can attackers exploit this vulnerability?
Attackers can exploit this vulnerability by injecting arbitrary script or HTML via unspecified vectors.
Are there any official references for CVE-2021-20734?
Yes, you can find official references for CVE-2021-20734 in the following links: - [JVN](https://jvn.jp/en/jp/JVN70566757/index.html) - [Welcart](https://www.welcart.com/archives/14039.html)
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/source
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/collne
- canonical/collne welcart
- version/collne welcart/1.5.2
- vendor/welcart
- canonical/welcart plugin
- version/welcart plugin/1.5.2