CVE-2021-20717

Name of the Vulnerable Software and Affected Versions: EC-CUBE versions 4.0.0 through 4.0.5

Description: A cross-site scripting issue allows a remote attacker to inject a specially crafted script in a specific input field of the EC web site created using EC-CUBE, potentially leading to arbitrary script execution on the administrator's web browser.

Recommendations: For versions 4.0.0 through 4.0.5, update to a version outside of this range to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.