Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    3 vulnerabilities by ETUNA

    CVE-2021-20735 (GCVE-0-2021-20735)

    Vulnerability from cvelistv5 – Published: 2021-06-22 01:35 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    Impacted products
    Vendor Product Version
    ETUNA ETUNA EC-CUBE plugins Affected: Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:21.843Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ec-cube.net/release/detail.php?release_id=5088"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ec-cube.net/release/detail.php?release_id=5087"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ec-cube.net/release/detail.php?release_id=5089"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN79254445/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ETUNA EC-CUBE plugins",
              "vendor": "ETUNA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-22T01:35:48.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ec-cube.net/release/detail.php?release_id=5088"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ec-cube.net/release/detail.php?release_id=5087"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ec-cube.net/release/detail.php?release_id=5089"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN79254445/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20735",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ETUNA EC-CUBE plugins",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ETUNA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ec-cube.net/release/detail.php?release_id=5088",
                  "refsource": "MISC",
                  "url": "https://www.ec-cube.net/release/detail.php?release_id=5088"
                },
                {
                  "name": "https://www.ec-cube.net/release/detail.php?release_id=5087",
                  "refsource": "MISC",
                  "url": "https://www.ec-cube.net/release/detail.php?release_id=5087"
                },
                {
                  "name": "https://www.ec-cube.net/release/detail.php?release_id=5089",
                  "refsource": "MISC",
                  "url": "https://www.ec-cube.net/release/detail.php?release_id=5089"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN79254445/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN79254445/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20735",
        "datePublished": "2021-06-22T01:35:48.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:21.843Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20735 (GCVE-0-2021-20735)

    Vulnerability from nvd – Published: 2021-06-22 01:35 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    Impacted products
    Vendor Product Version
    ETUNA ETUNA EC-CUBE plugins Affected: Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:21.843Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ec-cube.net/release/detail.php?release_id=5088"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ec-cube.net/release/detail.php?release_id=5087"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ec-cube.net/release/detail.php?release_id=5089"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN79254445/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ETUNA EC-CUBE plugins",
              "vendor": "ETUNA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-22T01:35:48.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ec-cube.net/release/detail.php?release_id=5088"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ec-cube.net/release/detail.php?release_id=5087"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ec-cube.net/release/detail.php?release_id=5089"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN79254445/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20735",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ETUNA EC-CUBE plugins",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ETUNA"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ec-cube.net/release/detail.php?release_id=5088",
                  "refsource": "MISC",
                  "url": "https://www.ec-cube.net/release/detail.php?release_id=5088"
                },
                {
                  "name": "https://www.ec-cube.net/release/detail.php?release_id=5087",
                  "refsource": "MISC",
                  "url": "https://www.ec-cube.net/release/detail.php?release_id=5087"
                },
                {
                  "name": "https://www.ec-cube.net/release/detail.php?release_id=5089",
                  "refsource": "MISC",
                  "url": "https://www.ec-cube.net/release/detail.php?release_id=5089"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN79254445/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN79254445/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20735",
        "datePublished": "2021-06-22T01:35:48.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:21.843Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2021-000049

    Vulnerability from jvndb - Published: 2021-06-15 16:09 - Updated:2021-06-16 11:52
    Severity
    Summary
    Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting
    Details
    Multiple EC-CUBE plugins provided by ETUNA contain a cross-site scripting vulnerability (CWE-79). An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 June 15, an attack exploting this vulnerability has been observed in the wild. Yoshimitsu Kato of Asterisk Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000049.html",
      "dc:date": "2021-06-16T11:52+09:00",
      "dcterms:issued": "2021-06-15T16:09+09:00",
      "dcterms:modified": "2021-06-16T11:52+09:00",
      "description": "Multiple EC-CUBE plugins provided by ETUNA contain a cross-site scripting vulnerability (CWE-79).\r\nAn arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE.\r\n\r\nAs of 2021 June 15, an attack exploting this vulnerability has been observed in the wild.\r\n\r\nYoshimitsu Kato of Asterisk Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000049.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:misc:delivery_slip_number",
          "@product": "Delivery slip number plugin",
          "@vendor": "ETUNA",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:delivery_slip_number_csv_bulk_registration",
          "@product": "Delivery slip number csv bulk registration plugin",
          "@vendor": "ETUNA",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:delivery_slip_number_mail",
          "@product": "Delivery slip number mail plugin",
          "@vendor": "ETUNA",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "6.1",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-000049",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN79254445/index.html",
          "@id": "JVN#79254445",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20735",
          "@id": "CVE-2021-20735",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20735",
          "@id": "CVE-2021-20735",
          "@source": "NVD"
        },
        {
          "#text": "https://www.jpcert.or.jp/english/at/2021/at210028.html",
          "@id": "Alert Regarding Cross Site Scripting Vulnerabilities in Multiple EC-CUBE 3.0 Series Plugins",
          "@source": "JPCERT"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting"
    }