Miggo Logo
Miggo Vulnerability Database
CVE-2021-20750

CVE-2021-20750: EC-CUBE Cross-site scripting vulnerability

6.1

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-20750
GHSA ID
GHSA-vrpv-26fm-7vf7
EPSS Score
0.60061%
CWE
CWE-79
Published
5/24/2022
Updated
4/25/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
ec-cube/ec-cubecomposer>= 3.0.0, <= 3.0.18-p2
ec-cube/ec-cubecomposer>= 4.0.0, <= 4.0.5-p14.0.6

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis:
In progress

WAF Protection Rules

WAF Rule

*ross-sit* s*riptin* vuln*r**ility in **-*U** **-*U** *.*.* to *.*.**-p* (**-*U** * s*ri*s) *n* **-*U** *.*.* to *.*.*-p* (**-*U** * s*ri*s) *llows * r*mot* *tt**k*r to inj**t *n *r*itr*ry s*ript *y l***in* *n **ministr*tor or * us*r to * sp**i*lly *

Reasoning

No *n*lysis *v*il**l*