{"api_version":"1","generated_at":"2026-04-21T10:22:00+00:00","cve":"CVE-2020-20640","urls":{"html":"https://cve.report/CVE-2020-20640","api":"https://cve.report/api/cve/CVE-2020-20640.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-20640","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-20640"},"summary":{"title":"CVE-2020-20640","description":"Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2021-06-28 18:15:00","updated_at":"2021-07-01 18:34:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://www.jianshu.com/p/219755c047a1","name":"https://www.jianshu.com/p/219755c047a1","refsource":"MISC","tags":[],"title":"ECShop 4.0反射型XSS漏洞分析 - 简书","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-20640","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-20640","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"20640","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"shopex","cpe5":"ecshop","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-20640","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://www.jianshu.com/p/219755c047a1","refsource":"MISC","name":"https://www.jianshu.com/p/219755c047a1"}]}},"nvd":{"publishedDate":"2021-06-28 18:15:00","lastModifiedDate":"2021-07-01 18:34:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:shopex:ecshop:4.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"20640","Ordinal":"182049","Title":"CVE-2020-20640","CVE":"CVE-2020-20640","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"20640","Ordinal":"1","NoteData":"Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"20640","Ordinal":"2","NoteData":"2021-06-28","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"20640","Ordinal":"3","NoteData":"2021-06-28","Type":"Other","Title":"Modified"}]}}}