CVE-2021-20735

Опубликовано: 22 июн. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE.

Ссылки

https://jvn.jp/en/jp/JVN79254445/index.html
Third Party Advisory
https://www.ec-cube.net/release/detail.php?release_id=5087
Vendor Advisory
https://www.ec-cube.net/release/detail.php?release_id=5088
Vendor Advisory
https://www.ec-cube.net/release/detail.php?release_id=5089
Vendor Advisory
https://jvn.jp/en/jp/JVN79254445/index.html
Third Party Advisory
https://www.ec-cube.net/release/detail.php?release_id=5087
Vendor Advisory
https://www.ec-cube.net/release/detail.php?release_id=5088
Vendor Advisory
https://www.ec-cube.net/release/detail.php?release_id=5089
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ec-cube:delivery_slip_number:*:*:*:*:*:ec-cube:*:*

Версия до 1.0.10 (включая)

cpe:2.3:a:ec-cube:delivery_slip_number_csv_bulk_registration:*:*:*:*:*:ec-cube:*:*

Версия до 1.0.8 (включая)

cpe:2.3:a:ec-cube:delivery_slip_number_mail:*:*:*:*:*:ec-cube:*:*

Версия до 1.0.8 (включая)

EPSS

Процентиль: 57%

0.00347

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-p393-fh7c-vh28

github

больше 3 лет назад