GCVE - cpe:2.3:a:ec-cube_co.,ltd.:ec-cube:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ec-cube_co.,ltd.:ec-cube:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ec Cube Co.,Ltd. (`8b2f95c1-98af-5eac-94a4-13a78806ff7b`)
Product	Ec Cube (`6dc2a318-5d5b-5269-b88d-27256ba09f83`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-20778`	vulnerable	2026-06-03 14:43:43.194088	Details available Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors. Published: 2021-07-01T05:45:17.000Z Updated: 2024-08-03T17:53:22.168Z Open on db.gcve.eu Reference links https://www.ec-cube.net/info/weakness/weakness.php?id=80 https://jvn.jp/en/jp/JVN57942445/index.html http://jvn.jp/en/jp/JVN57942445/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20751`	vulnerable	2026-06-03 14:43:43.168505	Details available Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation. Published: 2021-06-28T00:50:41.000Z Updated: 2024-08-03T17:53:22.017Z Open on db.gcve.eu Reference links https://www.ec-cube.net/info/weakness/weakness.php?id=78 https://jvn.jp/en/jp/JVN95292458/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20750`	vulnerable	2026-06-03 14:43:43.165901	Details available Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation. Published: 2021-06-28T00:50:39.000Z Updated: 2024-08-03T17:53:21.998Z Open on db.gcve.eu Reference links https://www.ec-cube.net/info/weakness/weakness.php?id=79 https://www.ec-cube.net/info/weakness/weakness.php?id=78 https://jvn.jp/en/jp/JVN95292458/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-20717`	vulnerable	2026-06-03 14:43:43.037783	Details available Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser. Published: 2021-05-10T09:10:14.000Z Updated: 2024-08-03T17:53:21.816Z Open on db.gcve.eu Reference links https://www.ec-cube.net/news/detail.php?news_id=384 https://www.ec-cube.net/news/detail.php?news_id=383 https://jvn.jp/en/jp/JVN97554111/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-5680`	vulnerable	2026-06-03 14:42:57.129005	Details available Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector. Published: 2020-12-03T11:15:33.000Z Updated: 2024-08-04T08:39:25.655Z Open on db.gcve.eu Reference links https://www.ec-cube.net/info/weakness/ https://jvn.jp/en/jp/JVN24457594/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-5679`	vulnerable	2026-06-03 14:42:57.128707	Details available Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted. Published: 2020-12-03T11:15:32.000Z Updated: 2024-08-04T08:39:25.580Z Open on db.gcve.eu Reference links https://www.ec-cube.net/info/weakness/ https://jvn.jp/en/jp/JVN24457594/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-5590`	vulnerable	2026-06-03 14:42:56.766578	Details available Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. Published: 2020-06-19T09:35:19.000Z Updated: 2024-08-04T08:30:24.521Z Open on db.gcve.eu Reference links https://www.ec-cube.net/info/weakness/weakness.php?id=73 https://www.ec-cube.net/info/weakness/weakness.php?id=74 https://jvn.jp/en/jp/JVN77458946/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-0808`	vulnerable	2026-06-03 14:33:39.677548	Details available Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request. Published: 2014-01-22T21:00:00.000Z Updated: 2024-08-06T09:27:20.153Z Open on db.gcve.eu Reference links http://www.ec-cube.net/info/weakness/weakness.php?id=57 http://jvn.jp/en/jp/JVN51770585/ http://jvndb.jvn.jp/jvndb/JVNDB-2014-000006 https://ec-orange.jp/ https://jvn.jp/en/jp/JVN15637138/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.