Vulnerabilities > CVE-2020-5679 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Ec-Cube

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

ec-cube

CWE-1021

NVD

Published: 2020-12-03

Updated: 2020-12-03

Summary

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.

Vulnerable Configurations

Part	Description	Count
Application	Ec-Cube EC Cube EC Cube 3.0.0 EC Cube EC Cube 3.0.1 EC Cube EC Cube 3.0.2 EC Cube EC Cube 3.0.3 EC Cube EC Cube 3.0.4 EC Cube EC Cube 3.0.5 EC Cube EC Cube 3.0.6 EC Cube EC Cube 3.0.7 EC Cube EC Cube 3.0.8 EC Cube EC Cube 3.0.9 EC Cube EC Cube 3.0.10 EC Cube EC Cube 3.0.11 EC Cube EC Cube 3.0.12 EC Cube EC Cube 3.0.13 EC Cube EC Cube 3.0.14 EC Cube EC Cube 3.0.15 EC Cube EC Cube 3.0.16 EC Cube EC Cube 3.0.17 EC Cube EC Cube 3.0.18	27

Common Weakness Enumeration (CWE)

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References