Known Vulnerabilities for products from Ec-cube

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ec-cube".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

CVE | Shortened Description | Severity | Publish Date | Last Modified
CVE-2021-20842 | Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the a... | 6.5 - MEDIUM | 2021-11-24 | 2021-11-27
CVE-2021-20841 | Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to b... | 6.5 - MEDIUM | 2021-11-24 | 2021-11-27
CVE-2021-20828 | Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote... | 6.1 - MEDIUM | 2021-09-17 | 2021-09-28
CVE-2021-20825 | Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and earlie... | 6.1 - MEDIUM | 2021-09-17 | 2021-10-18
CVE-2021-20778 | Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restricti... | 7.5 - HIGH | 2021-07-01 | 2021-07-08
CVE-2021-20751 | Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject... | 6.1 - MEDIUM | 2021-06-28 | 2021-07-07
CVE-2021-20750 | Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC... | 6.1 - MEDIUM | 2021-06-28 | 2021-07-07
CVE-2021-20744 | Cross-site scripting vulnerability in EC-CUBE Category contents plugin (for EC-CUBE 3.0 series) versions prior to version 1.0... | 6.1 - MEDIUM | 2021-06-22 | 2021-06-24
CVE-2021-20743 | Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 series) versions prior to ... | 6.1 - MEDIUM | 2021-06-22 | 2021-06-24
CVE-2021-20742 | Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version ... | 6.1 - MEDIUM | 2021-06-22 | 2021-06-24
CVE-2021-20735 | Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Del... | 6.1 - MEDIUM | 2021-06-22 | 2021-07-01
CVE-2021-20717 | Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in... | 6.1 - MEDIUM | 2021-05-10 | 2021-05-17
CVE-2020-5680 | Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-o... | 7.5 - HIGH | 2020-12-03 | 2020-12-03
CVE-2020-5679 | Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. ... | 6.1 - MEDIUM | 2020-12-03 | 2020-12-03
CVE-2020-5590 | Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to dele... | 8.1 - HIGH | 2020-06-19 | 2020-06-24
CVE-2019-6003 | Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote at... | 6.1 - MEDIUM | 2019-09-12 | 2019-09-16
CVE-2018-16191 | Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3.0.4, EC-CUBE 3.... | 6.1 - MEDIUM | 2019-01-09 | 2019-02-06
CVE-2018-0658 | Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3... | 7.2 - HIGH | 2018-09-07 | 2018-11-20
CVE-2018-0657 | Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE... | 4.8 - MEDIUM | 2018-09-07 | 2018-11-20
CVE-2016-4837 | SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL... | 9.8 - CRITICAL | 2016-08-01 | 2020-08-27

Known software with vulnerabilities from Ec-cube

Type | Vendor | Product | Version
Application | Ec-cube | Amazon Pay | -
Application | Ec-cube | Discount Coupon | 1.0
Application | Ec-cube | Ec-cube | 1.1.1
Application | Ec-cube | Ec-cube Payment Module | -
