Vulnerabilities > EC Cube > Delivery Slip Number CSV Bulk Registration > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-22	CVE-2021-20735	Cross-site Scripting vulnerability in Ec-Cube products Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE. network ec-cube CWE-79	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.