CVE-2021-20828

Summary

Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote attacker to inject an arbitrary script via unspecified vectors.

Affected Software

VendorProductVersion RangeStatus
ActiveFusions Co., Ltd.Order Status Batch Change Plug-in (for EC-CUBE 3.0 series)all versionsaffected

Weaknesses

  • Cross-site scripting

ADP Enrichment

CVE Program Container

Additional References

References