Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities by ETUNA
CVE-2021-20735 (GCVE-0-2021-20735)
Vulnerability from cvelistv5 – Published: 2021-06-22 01:35 – Updated: 2024-08-03 17:53
VLAI
Summary
Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.ec-cube.net/release/detail.php?releas… | x_refsource_MISC |
| https://www.ec-cube.net/release/detail.php?releas… | x_refsource_MISC |
| https://www.ec-cube.net/release/detail.php?releas… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN79254445/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ETUNA | ETUNA EC-CUBE plugins |
Affected:
Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:21.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ec-cube.net/release/detail.php?release_id=5088"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ec-cube.net/release/detail.php?release_id=5087"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ec-cube.net/release/detail.php?release_id=5089"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN79254445/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ETUNA EC-CUBE plugins",
"vendor": "ETUNA",
"versions": [
{
"status": "affected",
"version": "Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-22T01:35:48.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ec-cube.net/release/detail.php?release_id=5088"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ec-cube.net/release/detail.php?release_id=5087"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ec-cube.net/release/detail.php?release_id=5089"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN79254445/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ETUNA EC-CUBE plugins",
"version": {
"version_data": [
{
"version_value": "Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier"
}
]
}
}
]
},
"vendor_name": "ETUNA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ec-cube.net/release/detail.php?release_id=5088",
"refsource": "MISC",
"url": "https://www.ec-cube.net/release/detail.php?release_id=5088"
},
{
"name": "https://www.ec-cube.net/release/detail.php?release_id=5087",
"refsource": "MISC",
"url": "https://www.ec-cube.net/release/detail.php?release_id=5087"
},
{
"name": "https://www.ec-cube.net/release/detail.php?release_id=5089",
"refsource": "MISC",
"url": "https://www.ec-cube.net/release/detail.php?release_id=5089"
},
{
"name": "https://jvn.jp/en/jp/JVN79254445/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN79254445/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20735",
"datePublished": "2021-06-22T01:35:48.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:21.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20735 (GCVE-0-2021-20735)
Vulnerability from nvd – Published: 2021-06-22 01:35 – Updated: 2024-08-03 17:53
VLAI
Summary
Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.ec-cube.net/release/detail.php?releas… | x_refsource_MISC |
| https://www.ec-cube.net/release/detail.php?releas… | x_refsource_MISC |
| https://www.ec-cube.net/release/detail.php?releas… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN79254445/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ETUNA | ETUNA EC-CUBE plugins |
Affected:
Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:21.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ec-cube.net/release/detail.php?release_id=5088"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ec-cube.net/release/detail.php?release_id=5087"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ec-cube.net/release/detail.php?release_id=5089"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN79254445/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ETUNA EC-CUBE plugins",
"vendor": "ETUNA",
"versions": [
{
"status": "affected",
"version": "Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-22T01:35:48.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ec-cube.net/release/detail.php?release_id=5088"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ec-cube.net/release/detail.php?release_id=5087"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ec-cube.net/release/detail.php?release_id=5089"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN79254445/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ETUNA EC-CUBE plugins",
"version": {
"version_data": [
{
"version_value": "Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier"
}
]
}
}
]
},
"vendor_name": "ETUNA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ec-cube.net/release/detail.php?release_id=5088",
"refsource": "MISC",
"url": "https://www.ec-cube.net/release/detail.php?release_id=5088"
},
{
"name": "https://www.ec-cube.net/release/detail.php?release_id=5087",
"refsource": "MISC",
"url": "https://www.ec-cube.net/release/detail.php?release_id=5087"
},
{
"name": "https://www.ec-cube.net/release/detail.php?release_id=5089",
"refsource": "MISC",
"url": "https://www.ec-cube.net/release/detail.php?release_id=5089"
},
{
"name": "https://jvn.jp/en/jp/JVN79254445/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN79254445/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20735",
"datePublished": "2021-06-22T01:35:48.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:21.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2021-000049
Vulnerability from jvndb - Published: 2021-06-15 16:09 - Updated:2021-06-16 11:52
Severity
Summary
Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting
Details
Multiple EC-CUBE plugins provided by ETUNA contain a cross-site scripting vulnerability (CWE-79).
An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE.
As of 2021 June 15, an attack exploting this vulnerability has been observed in the wild.
Yoshimitsu Kato of Asterisk Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000049.html",
"dc:date": "2021-06-16T11:52+09:00",
"dcterms:issued": "2021-06-15T16:09+09:00",
"dcterms:modified": "2021-06-16T11:52+09:00",
"description": "Multiple EC-CUBE plugins provided by ETUNA contain a cross-site scripting vulnerability (CWE-79).\r\nAn arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE.\r\n\r\nAs of 2021 June 15, an attack exploting this vulnerability has been observed in the wild.\r\n\r\nYoshimitsu Kato of Asterisk Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000049.html",
"sec:cpe": [
{
"#text": "cpe:/a:misc:delivery_slip_number",
"@product": "Delivery slip number plugin",
"@vendor": "ETUNA",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:delivery_slip_number_csv_bulk_registration",
"@product": "Delivery slip number csv bulk registration plugin",
"@vendor": "ETUNA",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:delivery_slip_number_mail",
"@product": "Delivery slip number mail plugin",
"@vendor": "ETUNA",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000049",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN79254445/index.html",
"@id": "JVN#79254445",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20735",
"@id": "CVE-2021-20735",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20735",
"@id": "CVE-2021-20735",
"@source": "NVD"
},
{
"#text": "https://www.jpcert.or.jp/english/at/2021/at210028.html",
"@id": "Alert Regarding Cross Site Scripting Vulnerabilities in Multiple EC-CUBE 3.0 Series Plugins",
"@source": "JPCERT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting"
}