First published: Fri Sep 17 2021(Updated: )
Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Shiro8 List \(order Management\) Item Change | <=1.1 | |
EC-CUBE EC-CUBE | =3.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-20825.
The affected software is Shiro8 List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and earlier.
This vulnerability allows a remote attacker to inject an arbitrary script via unspecified vectors.
The severity of CVE-2021-20825 is medium with a CVSS score of 6.1.
To fix this vulnerability, update the Shiro8 List (order management) item change plug-in to version 1.2 or later.