CVE-2020-5679: Improper Restriction of Rendered UI Layers or Frames

December 3, 2020

Improper restriction of rendered UI layers or frames in EC-CUBE versions from to leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.

References

nvd.nist.gov/vuln/detail/CVE-2020-5679
www.ec-cube.net/info/weakness/

Code Behaviors & Features

Detect and mitigate CVE-2020-5679 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →