CVE-2021-20751

Name of the Vulnerable Software and Affected Versions: EC-CUBE versions 4.0.0 through 4.0.5-p1

Description: A cross-site scripting issue allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.

Recommendations: For versions 4.0.0 through 4.0.5-p1, consider restricting access to specially crafted pages until a patch is available. As a temporary workaround, avoid leading administrators or users to untrusted pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.