← back
CVE-2021-20735

CVE-2021-20735

EPSS 1.1%
Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE.
Affected products
ETUNA · ETUNA EC-CUBE plugins

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jvn.jp/en/jp/JVN79254445/index.htmlhttps://www.ec-cube.net/release/detail.php?release_id=5087https://www.ec-cube.net/release/detail.php?release_id=5088https://www.ec-cube.net/release/detail.php?release_id=5089