CVE-2021-20717: Cross-site Scripting

May 10, 2021 (updated May 17, 2021)

Cross-site scripting vulnerability in EC-CUBE to allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator’s web browser.

References

nvd.nist.gov/vuln/detail/CVE-2021-20717
www.ec-cube.net/news/detail.php?news_id=383
www.ec-cube.net/news/detail.php?news_id=384

Code Behaviors & Features

Detect and mitigate CVE-2021-20717 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →