CVE-2021-20828

Description

Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote attacker to inject an arbitrary script via unspecified vectors.

Affected products

• ActiveFusions Co., Ltd. / Order Status Batch Change Plug-in (for EC-CUBE 3.0 series)all versions – all versions

References

• MISChttps://www.activefusions.com/news/2021/20210915.html
• MISChttps://jvn.jp/en/jp/JVN23406150/index.html