pkg:Packagist/ec-cube/ec-cube

All known vulnerabilities

• HIGH8.1CVE-2020-5590EC-CUBE Directory traversal vulnerability
  >= 3.0.0, <= 3.0.18
• HIGH7.5CVE-2020-5680EC-CUBE Improper input validation vulnerability
  >= 3.0.5, <= 3.0.18
• MEDIUM6.5CVE-2021-20842EC-CUBE Cross-site request forgery (CSRF) vulnerability
  >= 2.11.0, < 2.17.2
• MEDIUM6.5EC-CUBE Improper access control in Management screen
  >= 2.11.2, < 2.17.2
• MEDIUM6.1EC-CUBE Cross-site scripting vulnerability
  >= 4.0.0, < 4.0.6
• MEDIUM6.1EC-CUBE Cross-site scripting vulnerability
  >= 3.0.0, <= 3.0.18-p2
• MEDIUM6.1EC-CUBE Cross-site scripting vulnerability
  >= 4.0.0, <= 4.0.5
• MEDIUM6.1EC-CUBE Improper Restriction of Rendered UI Layers or Frames
  >= 3.0.0, <= 3.0.18
• MEDIUM6.1EC-CUBE Open redirect vulnerability
  >= 3.0.0, < 3.0.17
• MEDIUM5.4EC-CUBE DOM-based cross-site scripting vulnerability
  >= 4.0.0, <= 4.1.2
• MEDIUM5.3EC-CUBE vulnerable to authorization bypass
  >= 2.11.0, < 2.12.2
• MEDIUM5.3EC-CUBE improperly handles HTTP Host header values
  >= 3.0.0, <= 3.0.18-p3
• LOW2.7EC-CUBE Directory traversal vulnerability
  >= 3.0.0, <= 3.0.18-p4
• —EC-CUBE XSS Vulnerabilities
  from 0, < 2.4.4