{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "3.0.0" }, { "fixed": "3.0.18" }, { "introduced": "4.0.0" }, { "fixed": "4.0.5" }, { "introduced": "0" }, { "last_affected": "3.0.18-NA" }, { "introduced": "0" }, { "last_affected": "4.0.5-NA" } ] }, "events": [ { "introduced": "4ef1c4f8d51fd9d54a704300a26c65a278dc697a" }, { "fixed": "525aaa9f44407903f5cc20b371a5dd199ddae549" }, { "introduced": "00ef39551273847cff9b737f98f120a50d4320cc" }, { "fixed": "dc27cb56697f2a02a7950d0a12cdc9983aa0d6a3" }, { "introduced": "0" }, { "last_affected": "525aaa9f44407903f5cc20b371a5dd199ddae549" }, { "introduced": "0" }, { "last_affected": "dc27cb56697f2a02a7950d0a12cdc9983aa0d6a3" } ], "repo": "https://github.com/ec-cube/ec-cube", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "3.0.18-p1" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "14cd0cf79cec92be106bccb26eb3b84146b75876" } ], "repo": "https://github.com/ec-cube/ec-cube3", "type": "GIT" } ] } ], "details": "Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.", "id": "CVE-2021-20750", "modified": "2026-04-01T23:08:44.543366918Z", "published": "2021-06-28T01:15:07.567Z", "references": [ { "type": "ADVISORY", "url": "https://jvn.jp/en/jp/JVN95292458/index.html" }, { "type": "ADVISORY", "url": "https://www.ec-cube.net/info/weakness/weakness.php?id=78" }, { "type": "ADVISORY", "url": "https://www.ec-cube.net/info/weakness/weakness.php?id=79" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }