CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-20735

Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.6%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://jvn.jp/en/jp/JVN79254445/index.html
https://www.ec-cube.net/release/detail.php?release_id=5087
https://www.ec-cube.net/release/detail.php?release_id=5088
https://www.ec-cube.net/release/detail.php?release_id=5089
https://jvn.jp/en/jp/JVN79254445/index.html
https://www.ec-cube.net/release/detail.php?release_id=5087
https://www.ec-cube.net/release/detail.php?release_id=5088
https://www.ec-cube.net/release/detail.php?release_id=5089

Products affected by CVE-2021-20735

Ec-Cube » Delivery Slip Number » Version: Any

cpe:2.3:a:ec-cube:delivery_slip_number:*
Ec-Cube » Delivery Slip Number Csv Bulk Registration » Version: Any

cpe:2.3:a:ec-cube:delivery_slip_number_csv_bulk_registration:*
Ec-Cube » Delivery Slip Number Mail » Version: Any

cpe:2.3:a:ec-cube:delivery_slip_number_mail:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-20735

Products

Pricing

Contact Us