First published: Tue Jun 22 2021(Updated: )
Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
EC-CUBE Business form output | <1.0.1 | |
EC-CUBE EC-CUBE | >=3.0.0<=3.0.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2021-20742.
The severity of CVE-2021-20742 is medium (6.1).
The affected software for CVE-2021-20742 is EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 and EC-CUBE 3.0.0 to 3.0.8.
A remote attacker can exploit CVE-2021-20742 by injecting an arbitrary script via an unspecified vector.
You can find more information about CVE-2021-20742 at the following references: [https://jvn.jp/en/jp/JVN57524494/index.html](https://jvn.jp/en/jp/JVN57524494/index.html) and [https://www.ec-cube.net/products/detail.php?product_id=959](https://www.ec-cube.net/products/detail.php?product_id=959).