Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

1 vulnerability by ETUNA

CVE-2021-20735 (GCVE-0-2021-20735)

Vulnerability from cvelistv5 – Published: 2021-06-22 01:35 – Updated: 2024-08-03 17:53

Summary

Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE.

Severity ?

No CVSS data available.

CWE

Cross-site scripting

Assigner

jpcert

References

URL

Tags

	https://www.ec-cube.net/release/detail.php?releas…	x_refsource_MISC
	https://www.ec-cube.net/release/detail.php?releas…	x_refsource_MISC
	https://www.ec-cube.net/release/detail.php?releas…	x_refsource_MISC
	https://jvn.jp/en/jp/JVN79254445/index.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	ETUNA	ETUNA EC-CUBE plugins	Affected: Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:21.843Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.ec-cube.net/release/detail.php?release_id=5088"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.ec-cube.net/release/detail.php?release_id=5087"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.ec-cube.net/release/detail.php?release_id=5089"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN79254445/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ETUNA EC-CUBE plugins",
          "vendor": "ETUNA",
          "versions": [
            {
              "status": "affected",
              "version": "Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-22T01:35:48",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ec-cube.net/release/detail.php?release_id=5088"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ec-cube.net/release/detail.php?release_id=5087"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ec-cube.net/release/detail.php?release_id=5089"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN79254445/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20735",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ETUNA EC-CUBE plugins",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ETUNA"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ec-cube.net/release/detail.php?release_id=5088",
              "refsource": "MISC",
              "url": "https://www.ec-cube.net/release/detail.php?release_id=5088"
            },
            {
              "name": "https://www.ec-cube.net/release/detail.php?release_id=5087",
              "refsource": "MISC",
              "url": "https://www.ec-cube.net/release/detail.php?release_id=5087"
            },
            {
              "name": "https://www.ec-cube.net/release/detail.php?release_id=5089",
              "refsource": "MISC",
              "url": "https://www.ec-cube.net/release/detail.php?release_id=5089"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN79254445/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN79254445/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20735",
    "datePublished": "2021-06-22T01:35:48",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:21.843Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}